The function pf_create_state() calls pf_set_protostate() before

pf_state_insert(), so the state key has not been set. When inlining, the compiler recognized the NULL pointer dereference in s->key[PF_SK_STACK]->proto and optimized it away. But if pf.c was compiled with -fno-inline, the system crashed during boot. Add a NULL check in pf_set_protostate() to handle the situation when the function is called. OK sashan@ henning@
2025-01-03 06:45:37 -08:00 · 2018-06-04 12:22:45 +00:00 · 2018-06-04 12:22:45 +00:00 · 3f2d79b34b
commit 3f2d79b34b
parent 8d9d24a0e9
1 changed files with 3 additions and 2 deletions
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.1066 2018/06/01 12:38:25 bluhm Exp $ */
+/*	$OpenBSD: pf.c,v 1.1067 2018/06/04 12:22:45 bluhm Exp $ */

 /*
 * Copyright (c) 2001 Daniel Hartmeier
@ -400,7 +400,8 @@ pf_set_protostate(struct pf_state *s, int which, u_int8_t newstate)

 	if (s->src.state == newstate)
 		return;
-	if (s->key[PF_SK_STACK]->proto == IPPROTO_TCP &&
+	if (s->key[PF_SK_STACK] != NULL &&
+	    s->key[PF_SK_STACK]->proto == IPPROTO_TCP &&
 	    !(TCPS_HAVEESTABLISHED(s->src.state) ||
 	    s->src.state == TCPS_CLOSED) &&
 	    (TCPS_HAVEESTABLISHED(newstate) || newstate == TCPS_CLOSED))