Skip to content

Commit

Permalink
pf: ensure we don't destroy an uninitialised lock
Browse files Browse the repository at this point in the history
The new lock introduced in 5f5e32f needs to be initialised early so
that it can be safely destroyed if we error out.

Reported-by: [email protected]
MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit e5ca5e8)
  • Loading branch information
kprovost committed Feb 4, 2022
1 parent 6506073 commit ba4b345
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion sys/netpfil/pf/pf_ioctl.c
Original file line number Diff line number Diff line change
Expand Up @@ -2009,6 +2009,8 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
int rs_num;
int error = 0;

mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);

if ((rule->return_icmp >> 8) > ICMP_MAXTYPE) {
error = EINVAL;
goto errout_unlocked;
Expand Down Expand Up @@ -2149,7 +2151,6 @@ pf_ioctl_addrule(struct pf_krule *rule, uint32_t ticket,
rule, entries);
ruleset->rules[rs_num].inactive.rcount++;

mtx_init(&rule->rpool.mtx, "pf_krule_pool", NULL, MTX_DEF);
PF_RULES_WUNLOCK();

return (0);
Expand Down

0 comments on commit ba4b345

Please sign in to comment.