Page MenuHomeFreeBSD

pf: Fix a lock leak in pf_ioctl_addrule()
ClosedPublic

Authored by markj on Jul 27 2025, 1:26 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Oct 13, 2:09 PM
Unknown Object (File)
Sun, Oct 12, 1:08 AM
Unknown Object (File)
Sun, Oct 12, 1:08 AM
Unknown Object (File)
Sat, Oct 11, 10:37 PM
Unknown Object (File)
Sat, Oct 11, 3:38 PM
Unknown Object (File)
Sat, Oct 11, 3:38 PM
Unknown Object (File)
Sat, Oct 11, 7:09 AM
Unknown Object (File)
Fri, Oct 3, 9:13 AM

Details

Summary

The ERROUT macro assumes that the rules lock is held, but some error
paths arise before that lock is acquired. Introduce ERROUT_UNLOCKED for
that case.

Reported by: syzkaller
Fixes: cc68decda316 ("pf: Reject rules with invalid port ranges")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Jul 27 2025, 1:26 PM
kp added inline comments.
sys/netpfil/pf/pf_ioctl.c
2296

We should probably #undef ERROUT_UNLOCKED here.
It doesn't matter now, but if we ever use it in another function we'll have to. We may as well do it now.

This revision is now accepted and ready to land.Jul 28 2025, 3:36 PM
This revision was automatically updated to reflect the committed changes.