Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 12 Mar 2015 08:57:25 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r279910 - head/sys/netpfil/pf
Message-ID:  <201503120857.t2C8vPqA067974@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ae
Date: Thu Mar 12 08:57:24 2015
New Revision: 279910
URL: https://svnweb.freebsd.org/changeset/base/279910

Log:
  Reset mbuf pointer to NULL in fastroute case to indicate that mbuf was
  consumed by filter. This fixes several panics due to accessing to mbuf
  after free.
  
  Submitted by:	Kristof Provost
  MFC after:	1 week

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Thu Mar 12 08:52:00 2015	(r279909)
+++ head/sys/netpfil/pf/pf.c	Thu Mar 12 08:57:24 2015	(r279910)
@@ -5470,6 +5470,7 @@ pf_route6(struct mbuf **m, struct pf_rul
 			PF_STATE_UNLOCK(s);
 		m0->m_flags |= M_SKIP_FIREWALL;
 		ip6_output(m0, NULL, NULL, 0, NULL, NULL, NULL);
+		*m = NULL;
 		return;
 	}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503120857.t2C8vPqA067974>