FreeBSD Bugzilla – Attachment 224922 Details for
Bug 255859
ipfilter/netinent: ip_nat memory leak and use-after-free
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
correct in_tqehead index number
0001-ipfilter-netinet-uaf-ipf_nat_rule_deref (text/plain), 471 bytes, created by
lylgood
on 2021-05-14 08:26:38 UTC
(
hide
)
Description:
correct in_tqehead index number
Filename:
MIME Type:
Creator:
lylgood
Created:
2021-05-14 08:26:38 UTC
Size:
471 bytes
patch
obsolete
>diff --git a/contrib/ipfilter/netinet/ip_nat.c b/contrib/ipfilter/netinet/ip_nat.c.orig >index 0475a4386079..41e51880b3dd 100644 >--- a/contrib/ipfilter/netinet/ip_nat.c >+++ b/contrib/ipfilter/netinet/ip_nat.c.orig >@@ -6245,7 +6245,7 @@ ipf_nat_rule_deref(softc, inp) > > if (n->in_tqehead[0] != NULL) { > if (ipf_deletetimeoutqueue(n->in_tqehead[0]) == 0) { >- ipf_freetimeoutqueue(softc, n->in_tqehead[0]); >+ ipf_freetimeoutqueue(softc, n->in_tqehead[1]); > } > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=224922">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 255859
: 224922