libpfctl: fix pfctl_do_ioctl()

Description

libpfctl: fix pfctl_do_ioctl()

pfctl_do_ioctl() copies the packed request data into the request buffer
and then frees it. However, it's possible for the buffer to be too small
for the reply, causing us to allocate a new buffer. We then copied from
the freed request, and freed it again.

Do not free the request buffer until we're all the way done.

PR: 274614
Reviewed by: emaste
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42329

(cherry picked from commit 2cffb52514b070e716e700c7f58fdb8cd9b05335)
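
The grow-and-retry pattern the commit message describes, as an added example that is not libpfctl's code: `do_request`, `mock_ioctl` and `REPLY_LEN` are hypothetical stand-ins, and signalling a too-small buffer with ENOSPC is an assumption of the example. It keeps the request copy alive across every retry and releases it once, after the last use.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the kernel side: the reply needs REPLY_LEN
 * bytes; a smaller buffer fails with ENOSPC (assumed error code). */
#define REPLY_LEN 64
static int mock_ioctl(char *buf, size_t size, size_t *out_len)
{
    if (size < REPLY_LEN)
        return (ENOSPC);
    memset(buf, 'R', REPLY_LEN);
    *out_len = REPLY_LEN;
    return (0);
}

/* Sends src (req_len bytes); returns the reply length or -1 on error.
 * *retries reports how often the buffer had to grow. */
static long do_request(const char *src, size_t req_len, int *retries)
{
    size_t size = req_len, out_len = 0;
    char *req, *buf = NULL, *tmp;
    int error;

    *retries = 0;
    if (req_len == 0 || (req = malloc(req_len)) == NULL)
        return (-1);
    memcpy(req, src, req_len);        /* packed request copy */

    for (;;) {
        if ((tmp = realloc(buf, size)) == NULL) { error = ENOMEM; break; }
        buf = tmp;
        memcpy(buf, req, req_len);    /* every attempt re-reads req */
        /* Freeing req here, before a possible retry, is the defect
         * described above: the next pass would read freed memory. */
        error = mock_ioctl(buf, size, &out_len);
        if (error != ENOSPC)
            break;
        size *= 2;                    /* reply did not fit: grow, retry */
        (*retries)++;
    }
    free(buf);
    free(req);                        /* single release point */
    return (error == 0 ? (long)out_len : -1);
}
```

Building this with `-fsanitize=address` and moving `free(req)` above the `mock_ioctl()` call makes the sanitizer report the use-after-free on the first retry.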

Details

Provenance
kp authored on Oct 23 2023, 11:43 AM
Reviewer
emaste
Differential Revision
D42329: libpfctl: fix pfctl_do_ioctl()
Parents
rG9abf60f5cebf: netlink: fix potential llentry lock leak in newneigh handler