pf: Fix match_rules memory leak
AbandonedPublic
Actions

Authored by vegeta_tuxpowered.net on Feb 13 2024, 4:40 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Apr 27, 7:31 AM

	Unknown Object (File)
	Sat, Apr 27, 6:12 AM

	Unknown Object (File)
	Sat, Apr 27, 5:40 AM

	Unknown Object (File)
	Thu, Apr 25, 11:12 PM

	Unknown Object (File)
	Mon, Apr 22, 12:40 PM

	Unknown Object (File)
	Feb 20 2024, 3:18 AM

Subscribers

Details

Reviewers: None

Summary

During evaluation of the ruleset by pf_test_rule() all "match" rules are
gathered in match_rules to be later copied into a state once a "pass"
rule finally accepts the packet.

When pf_create_state() fails due to hitting limits it terminates early
without calling pf_free_state(), as the state has not been allocated
yet. In such case free match_rules as the caller pf_test_rule() won't do
it.