git: f3b722fed330 - stable/12 - pfsync: NULL check before dereference
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 27 Apr 2022 12:50:30 UTC
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=f3b722fed330ee3a08a21947d6b4cf2fb70cc562
commit f3b722fed330ee3a08a21947d6b4cf2fb70cc562
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-04-21 12:40:32 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-04-27 06:49:25 +0000
pfsync: NULL check before dereference
Move the use of 'sc' to after the NULL check.
It's very unlikely that we'd actually hit this, but Coverity is correct
that it's not a good idea to dereference the pointer and only then NULL
check it.
Reported by: Coverity (CID 1398362)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 43020350635150eeb439c035f608ec9e78ddff8f)
---
sys/netpfil/pf/if_pfsync.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index cc053b53204a..470c2f176328 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1737,7 +1737,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_deferral *pd;
- struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
+ struct pfsync_bucket *b;
if (m->m_flags & (M_BCAST|M_MCAST))
return (0);
@@ -1745,6 +1745,8 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
if (sc == NULL)
return (0);
+ b = pfsync_get_bucket(sc, st);
+
PFSYNC_LOCK(sc);
if (!(sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) ||