pf: fix udp_mapping cleanup
ClosedPublic
Actions

Authored by kp on Thu, Nov 13, 3:23 PM.

Tags

None

Referenced Files

	F136848549: D53737.id.diff
	Thu, Nov 20, 1:55 AM

	F136848547: D53737.id166366.diff
	Thu, Nov 20, 1:55 AM

	F136848532: D53737.id166576.diff
	Thu, Nov 20, 1:55 AM

	F136847702: D53737.diff
	Thu, Nov 20, 1:46 AM

	Unknown Object (File)
	Fri, Nov 14, 9:06 AM

	Unknown Object (File)
	Fri, Nov 14, 8:36 AM

	Unknown Object (File)
	Fri, Nov 14, 8:36 AM

	Unknown Object (File)
	Fri, Nov 14, 8:30 AM

Subscribers

luke.hamburg_gmail.com

melifaro

vegeta_tuxpowered.net

Details

Reviewers

thj

Group Reviewers

network
pfsense

Commits

rGc12013f5bb38: pf: fix udp_mapping cleanup

Summary

If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.

Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.

MFC after: 1 week
See also: https://redmine.pfsense.org/issues/16517
Sponsored by: Rubicon Communications, LLC ("Netgate")