git: 430203506351 - main - pfsync: NULL check before dereference
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 21 Apr 2022 16:16:27 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=43020350635150eeb439c035f608ec9e78ddff8f
commit 43020350635150eeb439c035f608ec9e78ddff8f
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-04-21 12:40:32 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-04-21 15:59:45 +0000
pfsync: NULL check before dereference
Move the use of 'sc' to after the NULL check.
It's very unlikely that we'd actually hit this, but Coverity is correct
that it's not a good idea to dereference the pointer and only then NULL
check it.
Reported by: Coverity (CID 1398362)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/if_pfsync.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 1f4afad129ca..8edc5564b9a7 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1735,7 +1735,7 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
{
struct pfsync_softc *sc = V_pfsyncif;
struct pfsync_deferral *pd;
- struct pfsync_bucket *b = pfsync_get_bucket(sc, st);
+ struct pfsync_bucket *b;
if (m->m_flags & (M_BCAST|M_MCAST))
return (0);
@@ -1743,6 +1743,8 @@ pfsync_defer(struct pf_kstate *st, struct mbuf *m)
if (sc == NULL)
return (0);
+ b = pfsync_get_bucket(sc, st);
+
PFSYNC_LOCK(sc);
if (!(sc->sc_ifp->if_drv_flags & IFF_DRV_RUNNING) ||