pf: shared forwarding on non existing interfaces (proposal for opnsen…

…se#52) when ifp is null packets are marked bad, which means *m points to a freed address. reset *m and return in that case.
BlackhawkNest · May 12, 2020 · 923c95c · 923c95c
1 parent f3b129a
commit 923c95c
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
@@ -5669,7 +5669,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		PF_STATE_UNLOCK(s);
 bad:
 	m_freem(m0);
-	goto done;
+	*m = NULL;
 }
 
 static void
@@ -5750,7 +5750,6 @@ pf_route_shared(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *ifp,
 	if (ip_set_fwdtag(m0, &dst, ifp))
 		goto bad;
 
-done:
 	if ((r->rt == PF_DUPTO || r->rt == PF_REPLYTO) && IP_HAS_NEXTHOP(m0)) {
 		ip_forward(m0, 1);
 		if (r->rt == PF_REPLYTO)
@@ -5763,7 +5762,7 @@ pf_route_shared(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *ifp,
 		PF_STATE_UNLOCK(s);
 bad:
 	m_freem(m0);
-	goto done;
+	*m = NULL;
 }
 #endif /* INET */
 
@@ -5890,7 +5889,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 		PF_STATE_UNLOCK(s);
 bad:
 	m_freem(m0);
-	goto done;
+	*m = NULL;
 }
 
 static void
@@ -5975,7 +5974,6 @@ pf_route6_shared(struct mbuf **m, struct pf_rule *r, int dir,
 	if (ip6_set_fwdtag(m0, &dst, ifp))
 		goto bad;
 
-done:
 	if ((r->rt == PF_DUPTO || r->rt == PF_REPLYTO) && IP6_HAS_NEXTHOP(m0)) {
 		ip6_forward(m0, 1);
 		if (r->rt == PF_REPLYTO)
@@ -5989,7 +5987,7 @@ pf_route6_shared(struct mbuf **m, struct pf_rule *r, int dir,
 		PF_STATE_UNLOCK(s);
 bad:
 	m_freem(m0);
-	goto done;
+	*m = NULL;
 }
 #endif /* INET6 */