Initialize `sc_outputtask' before interface attachment. if_alloc_sadl()

has sleep point, so the uninitialized `sc_outputtask` could be accessed
through ioctl(2) interface.

ok sashan bluhm

diff --git a/sys/net/if_pflow.c b/sys/net/if_pflow.c
index 94608c5..7bc9e70 100644 (file)
--- a/sys/net/if_pflow.c
+++ b/sys/net/if_pflow.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_pflow.c,v 1.106 2023/12/16 22:16:02 mvs Exp $      */
+/*     $OpenBSD: if_pflow.c,v 1.107 2023/12/19 20:34:10 mvs Exp $      */
 
 /*
  * Copyright (c) 2011 Florian Obser <florian@narrans.de>
@@ -277,12 +277,12 @@ pflow_clone_create(struct if_clone *ifc, int unit)
        timeout_set_proc(&pflowif->sc_tmo6, pflow_timeout6, pflowif);
        timeout_set_proc(&pflowif->sc_tmo_tmpl, pflow_timeout_tmpl, pflowif);
 
+       task_set(&pflowif->sc_outputtask, pflow_output_process, pflowif);
+
        if_counters_alloc(ifp);
        if_attach(ifp);
        if_alloc_sadl(ifp);
 
-       task_set(&pflowif->sc_outputtask, pflow_output_process, pflowif);
-
        /* Insert into list of pflows */
        KERNEL_ASSERT_LOCKED();
        SMR_SLIST_INSERT_HEAD_LOCKED(&pflowif_list, pflowif, sc_next);