Re: svn commit: r309394 - head/sys/netpfil/pf

> On Dec 8, 2016, at 2:48 PM, Gleb Smirnoff > wrote: > > Marcel, > > On Wed, Dec 07, 2016 at 05:06:08PM -0800, Marcel Moolenaar wrote: > M> > thanks for the fixes. While the problem with the first chunk > M> > in pfsync_sendout() is obvious, the problem you are fix

Re: svn commit: r309394 - head/sys/netpfil/pf

Marcel, On Wed, Dec 07, 2016 at 05:06:08PM -0800, Marcel Moolenaar wrote: M> > thanks for the fixes. While the problem with the first chunk M> > in pfsync_sendout() is obvious, the problem you are fixing in th M> > second chunk in the pfsync_delete_state() is not clear to me. M> > Can you pleas

Re: svn commit: r309394 - head/sys/netpfil/pf

> On Dec 7, 2016, at 1:08 PM, Gleb Smirnoff > wrote: > > Marcel, > > thanks for the fixes. While the problem with the first chunk > in pfsync_sendout() is obvious, the problem you are fixing in th > second chunk in the pfsync_delete_state() is not clear to me. > Ca

Re: svn commit: r309394 - head/sys/netpfil/pf

> On Dec 7, 2016, at 1:08 PM, Gleb Smirnoff > wrote: > > Marcel, > > thanks for the fixes. While the problem with the first chunk > in pfsync_sendout() is obvious, the problem you are fixing in th > second chunk in the pfsync_delete_state() is not clear to me. > Ca

Re: svn commit: r309394 - head/sys/netpfil/pf

Marcel, thanks for the fixes. While the problem with the first chunk in pfsync_sendout() is obvious, the problem you are fixing in th second chunk in the pfsync_delete_state() is not clear to me. Can you please explain what scenario are you fixing there? On Fri, Dec 02, 2016 at 06:15:59AM +00

svn commit: r309394 - head/sys/netpfil/pf

Author: marcel Date: Fri Dec 2 06:15:59 2016 New Revision: 309394 URL: https://svnweb.freebsd.org/changeset/base/309394 Log: Fix use-after-free bugs in pfsync(4) Use after free happens for state that is deleted. The reference count is what prevents the state from being freed. When the