HomeFreeBSD
Diffusion FreeBSD src repository 413ae023b056

pf: rework pf_icmp_state_lookup() failure mode
413ae023b056
Actions

Description

pf: rework pf_icmp_state_lookup() failure mode

If pf_icmp_state_lookup() finds a state but rejects it for not matching the
expected direction we should unlock the state (and NULL out *state). This
simplifies life for callers, and also ensures there's no confusion about what a
non-NULL returned state means.

Previously it could have been left in there by the caller, resulting in callers
unlocking the same state twice.

Approved by: so
Security: FreeBSD-EN-24:16.pf
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 0578fe492284ded4745167060be794032e6e22f0)
(cherry picked from commit 38f74de7184ac3ad7acc48055551aaa9ec9cded9)

Details

Provenance
kpAuthored on Fri, Aug 30, 11:36 AM
markjCommitted on Thu, Sep 19, 12:58 PM
Parents
rGe854c92f30aa: pf: be less strict about icmp state checking for sloppy state tracking
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sys/
net/
netpfil/
pf/

rG413ae023b056

View Options

sys/net/pfvar.h

Loading...
View Options

sys/netpfil/pf/pf.c

Loading...