Date: Thu, 12 Mar 2015 08:57:25 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r279910 - head/sys/netpfil/pf Message-ID: <201503120857.t2C8vPqA067974@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Mar 12 08:57:24 2015 New Revision: 279910 URL: https://svnweb.freebsd.org/changeset/base/279910 Log: Reset mbuf pointer to NULL in fastroute case to indicate that mbuf was consumed by filter. This fixes several panics due to accessing to mbuf after free. Submitted by: Kristof Provost MFC after: 1 week Modified: head/sys/netpfil/pf/pf.c Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Thu Mar 12 08:52:00 2015 (r279909) +++ head/sys/netpfil/pf/pf.c Thu Mar 12 08:57:24 2015 (r279910) @@ -5470,6 +5470,7 @@ pf_route6(struct mbuf **m, struct pf_rul PF_STATE_UNLOCK(s); m0->m_flags |= M_SKIP_FIREWALL; ip6_output(m0, NULL, NULL, 0, NULL, NULL, NULL); + *m = NULL; return; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503120857.t2C8vPqA067974>