pf: Fix a lock leak in pf_ioctl_addrule()
ClosedPublic
Actions

Authored by markj on Sun, Jul 27, 1:26 PM.

Details

Reviewers

Commits

rG6efe8e6be413: pf: Fix a lock leak in pf_ioctl_addrule()

Summary

The ERROUT macro assumes that the rules lock is held, but some error
paths arise before that lock is acquired. Introduce ERROUT_UNLOCKED for
that case.

Reported by: syzkaller
Fixes: cc68decda316 ("pf: Reject rules with invalid port ranges")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 65769
Build 62652: arc lint + arc unit

Event Timeline

markj created this revision.Sun, Jul 27, 1:26 PM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptSun, Jul 27, 1:26 PM

Harbormaster completed remote builds in B65769: Diff 159227.Sun, Jul 27, 1:26 PM

markj requested review of this revision.Sun, Jul 27, 1:26 PM

kp accepted this revision.Mon, Jul 28, 3:36 PM

kp added inline comments.

sys/netpfil/pf/pf_ioctl.c
2296	We should probably `#undef ERROUT_UNLOCKED` here. It doesn't matter now, but if we ever use it in another function we'll have to. We may as well do it now.