From 3c40232395dbe672151c48bf8c907ef250db35b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ermal=20Lu=C3=A7i?= Date: Wed, 29 Jul 2015 20:10:36 +0000 Subject: [PATCH] Avoid double reference decrement when firewalls force relooping of packets When firewalls force a reloop of packets and the caller supplied a route the reference to the route might be reduced twice creating issues. This is especially the scenario when a packet is looped because of operation in the firewall but the new route lookup gives a down route. Differential Revision: https://reviews.freebsd.org/D3037 Reviewed by: gnn Approved by: gnn(mentor) --- sys/netinet/ip_output.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index d36548aa7e66..079077745e13 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -681,6 +681,13 @@ sendit: done: if (ro == &iproute) RO_RTFREE(ro); + else if (rte == NULL) + /* + * If the caller supplied a route but somehow the reference + * to it has been released need to prevent the caller + * calling RTFREE on it again. + */ + ro->ro_rt = NULL; if (have_ia_ref) ifa_free(&ia->ia_ifa); return (error);