From 16a227c7c914ca5cce1c2ff0c62273c10c172cde Mon Sep 17 00:00:00 2001
From: "Jonathan T. Looney" <jtl@FreeBSD.org>
Date: Mon, 11 Jun 2018 23:32:06 +0000
Subject: [PATCH] Fix a memory leak for the BIOCSETWF ioctl on kernels with the
 BPF_JITTER option.

The BPF code was creating a compiled filter in the common filter-creation
path.  However, BPF only uses compiled filters in the read direction.
When creating a write filter, the common filter-creation code was
creating an unneeded write filter and leaking the memory used for that.

MFC after:	2 weeks
Sponsored by:	Netflix
---
 sys/net/bpf.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 3890f6489c09..841d45421634 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -1895,8 +1895,13 @@ bpf_setf(struct bpf_d *d, struct bpf_program *fp, u_long cmd)
 			return (EINVAL);
 		}
 #ifdef BPF_JITTER
-		/* Filter is copied inside fcode and is perfectly valid. */
-		jfunc = bpf_jitter(fcode, flen);
+		if (cmd != BIOCSETWF) {
+			/*
+			 * Filter is copied inside fcode and is
+			 * perfectly valid.
+			 */
+			jfunc = bpf_jitter(fcode, flen);
+		}
 #endif
 	}