Hello,

this bug has been found and reported by Hrvoje@ [1].
I took my chance and asked Hrvoje to test a small diff [2].
I would like to ask for OK to commit this fix which makes
Hrvoje's test box happy. The diff below is the same as the one found
at bugs@. The thing is that the pfsync_bulk_update() function
must check first if there is anything to update, otherwise
we may die due to a NULL pointer dereference.

thanks and
regards
sashan

[1] https://marc.info/?l=openbsd-bugs&m=167578573111413&w=2

[2] https://marc.info/?l=openbsd-bugs&m=167584283809140&w=2

--------8<---------------8<---------------8<------------------8<--------
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index e2c86971336..1fa58f6fab9 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -2464,6 +2464,11 @@ pfsync_bulk_update(void *arg)
        st = sc->sc_bulk_next;
        sc->sc_bulk_next = NULL;
 
+       if (st == NULL) {
+               rw_exit_read(&pf_state_list.pfs_rwl);
+               goto out;
+       }
+
        for (;;) {
                if (st->sync_state == PFSYNC_S_NONE &&
                    st->timeout < PFTM_MAX &&
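Review bot: the early-exit path in this hunk releases `pf_state_list.pfs_rwl` with `rw_exit_read()` before `goto out`, but the `out:` label is outside the visible context; please confirm that `out` does not also release the same read lock, otherwise this path would unlock twice. A one-line comment above the check stating when `sc->sc_bulk_next` can legitimately be NULL at this point would also help future readers, since the bug report and this NULL test are the only record of that condition.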
