Date: Wed, 6 Jul 2016 10:29:29 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r302370 - head/sys/contrib/ipfilter/netinet Message-ID: <201607061029.u66ATUh9056574@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Wed Jul 6 10:29:29 2016 New Revision: 302370 URL: https://svnweb.freebsd.org/changeset/base/302370 Log: Only set the ipfilter running state to 'not running' if we are doing the teardown. ipf_destroy_all() may free ipfmain in case of ipf_dynamic_softc being true, thus we are avoiding a possible memory modified after free as well. Reported by: Coverity Coverity CID: 1357320 Approved by: re (hrs) MFC after: 10 days Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Modified: head/sys/contrib/ipfilter/netinet/mlfk_ipl.c ============================================================================== --- head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jul 6 05:17:56 2016 (r302369) +++ head/sys/contrib/ipfilter/netinet/mlfk_ipl.c Wed Jul 6 10:29:29 2016 (r302370) @@ -291,13 +291,14 @@ vnet_ipf_uninit(void) return; if (V_ipfmain.ipf_running >= 0) { + if (ipfdetach(&V_ipfmain) != 0) return; + V_ipfmain.ipf_running = -2; + ipf_destroy_all(&V_ipfmain); } - - V_ipfmain.ipf_running = -2; } VNET_SYSUNINIT(vnet_ipf_uninit, SI_SUB_PROTO_FIREWALL, SI_ORDER_THIRD, vnet_ipf_uninit, NULL);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607061029.u66ATUh9056574>