From: henning <henning@openbsd.org>
Date: Tue, 22 Jul 2008 12:31:35 +0000 (+0000)
Subject: after pf_state_key_atach nothing must use the state keys passed to it any
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=44c84cf4a98b56b65a39afb7d581c5bc8a74ab9e;p=openbsd

after pf_state_key_atach nothing must use the state keys passed to it any
more, since they might have been invalidated and free'd.
one synproxy errorpath did so, however. just get the state keys from the
state itself. ok david mcbride
---

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 748527cc18f..7492a5dca91 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.612 2008/07/21 15:58:59 david Exp $ */
+/*	$OpenBSD: pf.c,v 1.613 2008/07/22 12:31:35 henning Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -3537,12 +3537,15 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a,
 		s->src.state = PF_TCPS_PROXY_SRC;
 		/* undo NAT changes, if they have taken place */
 		if (nr != NULL) {
-			PF_ACPY(pd->src, &sk->addr[pd->sidx], pd->af);
-			PF_ACPY(pd->dst, &sk->addr[pd->didx], pd->af);
+			struct pf_state_key *skt = s->key[PF_SK_WIRE];
+			if (pd->dir == PF_OUT)
+				skt = s->key[PF_SK_STACK];
+			PF_ACPY(pd->src, &skt->addr[pd->sidx], pd->af);
+			PF_ACPY(pd->dst, &skt->addr[pd->didx], pd->af);
 			if (pd->sport)
-				*pd->sport = sk->port[pd->sidx];
+				*pd->sport = skt->port[pd->sidx];
 			if (pd->dport)
-				*pd->dport = sk->port[pd->didx];
+				*pd->dport = skt->port[pd->didx];
 			if (pd->proto_sum)
 				*pd->proto_sum = bproto_sum;
 			if (pd->ip_sum)