fix a potential use-after-free in pf_state_rm_src_node

found by jsg; ok jsg mikeb
author: henning <henning@openbsd.org> 2015-05-11 12:22:14 +0000
committer: henning <henning@openbsd.org> 2015-05-11 12:22:14 +0000
commit: 22d720b9d06d3bf2089ec42ea22d1ab437bb914a (patch)
tree: 924eed6c9d56f55d42509baae572ba8a2e68ce41
parent: explicit_bzero(3) on private data, in case of core dumps (and being a good example) (diff)
download: wireguard-openbsd-22d720b9d06d3bf2089ec42ea22d1ab437bb914a.tar.xz
wireguard-openbsd-22d720b9d06d3bf2089ec42ea22d1ab437bb914a.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 402c01c4f0d..5bd5864a9ec 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.912 2015/04/17 11:04:01 mikeb Exp $ */
+/*	$OpenBSD: pf.c,v 1.913 2015/05/11 12:22:14 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -611,9 +611,11 @@ pf_state_rm_src_node(struct pf_state *s, struct pf_src_node *sn)
 			else
 				SLIST_REMOVE_HEAD(&s->src_nodes, next);
 			pool_put(&pf_sn_item_pl, sni);
+			sni = NULL;
 			sn->states--;
 		}
-		snip = sni;
+		if (sni != NULL)
+			snip = sni;
 	}
 }
author	henning <henning@openbsd.org>	2015-05-11 12:22:14 +0000
committer	henning <henning@openbsd.org>	2015-05-11 12:22:14 +0000
commit	22d720b9d06d3bf2089ec42ea22d1ab437bb914a (patch)
tree	924eed6c9d56f55d42509baae572ba8a2e68ce41
parent	explicit_bzero(3) on private data, in case of core dumps (and being a good example) (diff)
download	wireguard-openbsd-22d720b9d06d3bf2089ec42ea22d1ab437bb914a.tar.xz wireguard-openbsd-22d720b9d06d3bf2089ec42ea22d1ab437bb914a.zip