Avoid access to stale ip pointer and call UPDATE_POINTERS() after

PULLUP_LEN_LOCKED(). PULLUP_LEN_LOCKED() could update mbuf and thus we need to update related pointers that can be used in next opcodes. Reported by: Maxime Villard <max at m00nbsd net> MFC after: 1 week
svn path=/head/; revision=355581
2019-12-10 10:35:32 +00:00 · 2019-12-10 10:35:32 +00:00 · ca0ac0a6c1 · 2020-12-20 02:59:44 +00:00
commit ca0ac0a6c1
parent aa7bdbc00c
1 changed files with 2 additions and 1 deletions
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@ -1465,7 +1465,8 @@ do {								\

 #define	PULLUP_LEN(_len, p, T)	_PULLUP_LOCKED(_len, p, T, )
 #define	PULLUP_LEN_LOCKED(_len, p, T)	\
-    _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain))
+    _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain));	\
+    UPDATE_POINTERS()
 /*
 * In case pointers got stale after pullups, update them.
 */