diff options
| author |   frantzen <frantzen@openbsd.org> | 2003-05-14 01:39:51 +0000 |
|---|---|---|
| committer | frantzen <frantzen@openbsd.org> | 2003-05-14 01:39:51 +0000 |
| commit | 7fb0c598af75e27c332caa2963ba47f1534abb29 (patch) | |
| tree | 49b417743b82f834c939d229d424d9985fdeb975 | |
| parent | em* is starting to show up on lots of machines. for next release, (diff) | |
| download | wireguard-openbsd-7fb0c598af75e27c332caa2963ba47f1534abb29.tar.xz wireguard-openbsd-7fb0c598af75e27c332caa2963ba47f1534abb29.zip | |
fix use after free race when purging the new PF tags
ok henning@
| -rw-r--r-- | sys/net/pf_ioctl.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 6ddee7d769d..d0fe22b00db 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.64 2003/05/13 17:45:24 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.65 2003/05/14 01:39:51 frantzen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -469,15 +469,17 @@ pf_tag_unref(u_int16_t tag) void pf_tag_purge(void) { - struct pf_tagname *p; + struct pf_tagname *p, *next; - TAILQ_FOREACH_REVERSE(p, &pf_tags, entries, pf_tagnames) + for (p = TAILQ_LAST(&pf_tags, pf_tags); p != NULL; p = next) { + next = TAILQ_PREV(p, pf_tags, entries); if (p->ref == 0) { if (p->tag == tagid) tagid--; TAILQ_REMOVE(&pf_tags, p, entries); free(p, M_TEMP); } + } } int |