[Bug 255859] [Patch] ipfilter/netinet: Fix a use after free in ipf_nat_rule_deref
bugzilla-noreply at freebsd.org
Fri May 14 08:29:20 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859
--- Comment #1 from lylgood at foxmail.com ---
Comment on attachment 224922
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224922
correct in_tqehead index number
>diff --git a/contrib/ipfilter/netinet/ip_nat.c b/contrib/ipfilter/netinet/ip_nat.c.orig
>index 0475a4386079..41e51880b3dd 100644
>--- a/contrib/ipfilter/netinet/ip_nat.c
>+++ b/contrib/ipfilter/netinet/ip_nat.c.orig
>@@ -6245,7 +6245,7 @@ ipf_nat_rule_deref(softc, inp)
>
> if (n->in_tqehead[0] != NULL) {
> if (ipf_deletetimeoutqueue(n->in_tqehead[0]) == 0) {
>+ ipf_freetimeoutqueue(softc, n->in_tqehead[0]);
>- ipf_freetimeoutqueue(softc, n->in_tqehead[1]);
> }
> }
>
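Review bot: the file headers are the wrong way round for applying this: `+++ b/contrib/ipfilter/netinet/ip_nat.c.orig` makes the backup file the target, so the diff should be regenerated with ip_nat.c as the file being changed. The one-line change itself is consistent with the surrounding lines: the branch tests and calls ipf_deletetimeoutqueue() on n->in_tqehead[0], so the queue passed to ipf_freetimeoutqueue() should be that same n->in_tqehead[0] and not n->in_tqehead[1]. A sentence in the description saying that the old line freed the [1] queue inside the [0] branch would make the use after free in the title easier to follow.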