[Bug 255859] [Patch] ipfilter/netinent: Fix a use after free in ipf_nat_rule

Discussion:

[Bug 255859] [Patch] ipfilter/netinent: Fix a use after free in ipf_nat_rule_deref

b***@freebsd.org

2021-05-14 12:05:00 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859

Mark Linimon <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|***@FreeBSD.org |***@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

b***@freebsd.org

2021-05-25 15:36:07 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859

Mark Johnston <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|New |Open
CC| |***@FreeBSD.org,
| |***@FreeBSD.org

--- Comment #2 from Mark Johnston <***@FreeBSD.org> ---
Cy, could you take a look at this?

--
You are receiving this mail because:
You are the assignee for the bug.

b***@freebsd.org

2021-05-25 16:54:48 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859

Cy Schubert <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|***@FreeBSD.org |***@FreeBSD.org

--
You are receiving this mail because:
You are the assignee for the bug.

b***@freebsd.org

2021-05-25 23:20:55 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859

Rodney W. Grimes <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |***@FreeBSD.org

--
You are receiving this mail because:
You are on the CC list for the bug.

b***@freebsd.org

2021-05-26 00:59:45 UTC

Permalink

--
You are receiving this mail because:
You are on the CC list for the bug.

b***@freebsd.org

2021-06-03 00:56:47 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859

--- Comment #7 from commit-***@FreeBSD.org ---
A commit in branch stable/13 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=2fb377976493cd961dfe1908d1c565742e79bb4a

commit 2fb377976493cd961dfe1908d1c565742e79bb4a
Author: Cy Schubert <***@FreeBSD.org>
AuthorDate: 2021-05-25 18:54:49 +0000
Commit: Cy Schubert <***@FreeBSD.org>
CommitDate: 2021-06-03 00:54:30 +0000

ipfilter: Fix ip_nat memory leak and use-after-free

Unfortunately the wrong elemet is freed, also resulting in use-after-free.

PR: 255859
Submitted by: ***@foxmail.com
Reported by: ***@foxmail.com

(cherry picked from commit 323a4e2c4e285e6f8eee8db3fe2cb7490a734da0)

sys/contrib/ipfilter/netinet/ip_nat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--
You are receiving this mail because:
You are on the CC list for the bug.

b***@freebsd.org

2021-06-03 00:58:49 UTC

Permalink

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255859

--- Comment #8 from commit-***@FreeBSD.org ---
A commit in branch stable/12 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=c8773c8018e74a34a5d9e7ec6d66f4311148f975

commit c8773c8018e74a34a5d9e7ec6d66f4311148f975
Author: Cy Schubert <***@FreeBSD.org>
AuthorDate: 2021-05-25 18:54:49 +0000
Commit: Cy Schubert <***@FreeBSD.org>
CommitDate: 2021-06-03 00:57:45 +0000

ipfilter: Fix ip_nat memory leak and use-after-free

Unfortunately the wrong elemet is freed, also resulting in use-after-free.

PR: 255859
Submitted by: ***@foxmail.com
Reported by: ***@foxmail.com

(cherry picked from commit 323a4e2c4e285e6f8eee8db3fe2cb7490a734da0)

sys/contrib/ipfilter/netinet/ip_nat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--
You are receiving this mail because:
You are on the CC list for the bug.