pf: Fix a lock leak in pf_ioctl_addrule()
ClosedPublic
Actions

Authored by markj on Jul 27 2025, 1:26 PM.

Details

Reviewers

Commits

rG6efe8e6be413: pf: Fix a lock leak in pf_ioctl_addrule()

Summary

The ERROUT macro assumes that the rules lock is held, but some error
paths arise before that lock is acquired. Introduce ERROUT_UNLOCKED for
that case.

Reported by: syzkaller
Fixes: cc68decda316 ("pf: Reject rules with invalid port ranges")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Jul 27 2025, 1:26 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptJul 27 2025, 1:26 PM

Harbormaster completed remote builds in B65769: Diff 159227.Jul 27 2025, 1:26 PM

markj requested review of this revision.Jul 27 2025, 1:26 PM

kp accepted this revision.Jul 28 2025, 3:36 PM

kp added inline comments.

sys/netpfil/pf/pf_ioctl.c
2296	We should probably `#undef ERROUT_UNLOCKED` here. It doesn't matter now, but if we ever use it in another function we'll have to. We may as well do it now.