git: 7d296e1f0d8d - stable/12 - pf: ensure we don't destroy an uninitialised lock
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Feb 2022 14:23:22 UTC
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=7d296e1f0d8d39a4d455ec049e2232638b6ecaf3
commit 7d296e1f0d8d39a4d455ec049e2232638b6ecaf3
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-01-16 07:52:18 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-02-04 10:38:07 +0000
pf: ensure we don't destroy an uninitialised lock
The new lock introduced in 5f5e32f1b3 needs to be initialised early so
that it can be safely destroyed if we error out.
Reported-by: syzbot+d76113e9a4ae0c0fcac2@syzkaller.appspotmail.com
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit e5ca5e801d3c806a767c427360c48e935a5facd4)
---
sys/netpfil/pf/pf_ioctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 48bbfe53b948..4774d88be65c 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1970,6 +1970,8 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
int rs_num;
int error = 0;
+ mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
+
if ((rule->return_icmp >> 8) > ICMP_MAXTYPE) {
error = EINVAL;
goto errout_unlocked;
@@ -2110,7 +2112,6 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
rule, entries);
ruleset->rules[rs_num].inactive.rcount++;
- mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
PF_RULES_WUNLOCK();
return (0);