d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ipfilter: Fix ip_nat memory leak and use-after-free

Browse Source 
Unfortunately the wrong elemet is freed, also resulting in use-after-free.

PR:		255859
Submitted by:	lylgood@foxmail.com
Reported by:	lylgood@foxmail.com
MFC after:	3 days
This commit is contained in:
Cy Schubert 2021-05-25 11:54:49 -07:00
parent d72cd27518
commit 323a4e2c4e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/contrib/ipfilter/netinet/ip_nat.c
View File

@ -6245,7 +6245,7 @@ ipf_nat_rule_deref(softc, inp)
if (n->in_tqehead[0] != NULL) {
if (ipf_deletetimeoutqueue(n->in_tqehead[0]) == 0) {
ipf_freetimeoutqueue(softc, n->in_tqehead[1]);
ipf_freetimeoutqueue(softc, n->in_tqehead[0]);
}
}