]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bbdfc8f) | patch
Fix use-after-free bugs in pfsync(4)
authorMarcel Moolenaar <marcel@FreeBSD.org>
Fri, 2 Dec 2016 06:15:59 +0000 (06:15 +0000)
committerMarcel Moolenaar <marcel@FreeBSD.org>
Fri, 2 Dec 2016 06:15:59 +0000 (06:15 +0000)
commitd6d35f15619dbd977f44e9431ed9af223bc9b6a9
tree263d20cb9ce5d2c078da5205648938e24d49e4cbtree | snapshot
parentbbdfc8f1ea9ae8bb688f298f141232a2e7a374f2commit | diff
Fix use-after-free bugs in pfsync(4)

Use after free happens for state that is deleted. The reference
count is what prevents the state from being freed. When the
state is dequeued, the reference count is dropped and the memory
freed. We can't dereference the next pointer or re-queue the
state.

MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8671
sys/netpfil/pf/if_pfsync.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.