The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0f86492b09ca82042166a41f6f21b2dbe4f4a464
commit 0f86492b09ca82042166a41f6f21b2dbe4f4a464 Author: Kristof Provost <[email protected]> AuthorDate: 2021-06-01 14:05:47 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2021-06-01 20:41:20 +0000 pf: Fix more ioctl memory leaks We must also remember to free nvlists added to a parent nvlist with nvlist_append_nvlist_array(). More importantly, when nvlist_pack() allocates memory for us it does so in the M_NVLIST zone, so we must free it with free(.., M_NVLIST). Using free(.., M_TEMP) as we did silently failed to free the memory. MFC after: 3 days Reported by: kib@ Tested by: kib@ Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D30595 --- sys/netpfil/pf/pf_ioctl.c | 27 ++++++++++++++------------- sys/netpfil/pf/pf_nv.c | 1 + 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 42c22ef9b894..766710afd1dd 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2426,7 +2426,7 @@ DIOCADDRULENV_error: ERROUT(ENOMEM); /* Copy the request in */ - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -2504,7 +2504,7 @@ DIOCADDRULENV_error: ERROUT(EBUSY); } - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlpacked = nvlist_pack(nvl, &nv->len); if (nvlpacked == NULL) { PF_RULES_WUNLOCK(); @@ -2534,7 +2534,7 @@ DIOCADDRULENV_error: #undef ERROUT DIOCGETRULENV_error: - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlist_destroy(nvrule); nvlist_destroy(nvl); @@ -4918,7 +4918,7 @@ pf_killstates_nv(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -4936,7 +4936,7 @@ pf_killstates_nv(struct pfioc_nv *nv) error = pf_killstates(&kill, &killed); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlpacked = NULL; nvlist_destroy(nvl); nvl = nvlist_create(0); @@ -4958,7 +4958,7 @@ pf_killstates_nv(struct pfioc_nv *nv) on_error: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); } @@ -4976,7 +4976,7 @@ pf_clearstates_nv(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -4994,7 +4994,7 @@ pf_clearstates_nv(struct pfioc_nv *nv) killed = pf_clear_states(&kill); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlpacked = NULL; nvlist_destroy(nvl); nvl = nvlist_create(0); @@ -5017,7 +5017,7 @@ pf_clearstates_nv(struct pfioc_nv *nv) #undef ERROUT on_error: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); } @@ -5035,7 +5035,7 @@ pf_getstate(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -5054,7 +5054,7 @@ pf_getstate(struct pfioc_nv *nv) if (s == NULL) ERROUT(ENOENT); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlpacked = NULL; nvlist_destroy(nvl); nvl = nvlist_create(0); @@ -5083,7 +5083,7 @@ pf_getstate(struct pfioc_nv *nv) errout: if (s != NULL) PF_STATE_UNLOCK(s); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlist_destroy(nvl); return (error); } @@ -5125,6 +5125,7 @@ pf_getstates(struct pfioc_nv *nv) goto DIOCGETSTATESNV_full; } nvlist_append_nvlist_array(nvl, "states", nvls); + nvlist_destroy(nvls); count++; } PF_HASHROW_UNLOCK(ih); @@ -5151,7 +5152,7 @@ DIOCGETSTATESNV_full: #undef ERROUT errout: - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlist_destroy(nvl); return (error); } diff --git a/sys/netpfil/pf/pf_nv.c b/sys/netpfil/pf/pf_nv.c index ae9f7d99b26a..31943ba69687 100644 --- a/sys/netpfil/pf/pf_nv.c +++ b/sys/netpfil/pf/pf_nv.c @@ -861,6 +861,7 @@ pf_state_key_to_nvstate_key(const struct pf_state_key *key) if (tmp == NULL) goto errout; nvlist_append_nvlist_array(nvl, "addr", tmp); + nvlist_destroy(tmp); nvlist_append_number_array(nvl, "port", key->port[i]); } nvlist_add_number(nvl, "af", key->af); _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "[email protected]"
