From 30cf0fbf26243f23631739f406959ce5aaba9f5c Mon Sep 17 00:00:00 2001
From: Richard Scheffenegger <rscheff@FreeBSD.org>
Date: Wed, 1 May 2024 08:40:40 +0200
Subject: [PATCH] in_pcb: don't leak credential refcounts on error

In the error path during allocating an in_pcb, the credentials
associated with the new struct get their reference count
increased early on, but not decremented when the allocation
fails.

Reported by:		cmiller_netapp.com
MFC after:		3 days
Reviewed by:		jhb, tuexen
Sponsored by:		NetApp, Inc.
Differential Revision:	https://reviews.freebsd.org/D45033
---
 sys/netinet/in_pcb.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index d9caad6417ef..1a341d421f31 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -655,6 +655,10 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)
 
 #if defined(IPSEC) || defined(IPSEC_SUPPORT) || defined(MAC)
 out:
+	crfree(inp->inp_cred);
+#ifdef INVARIANTS
+	inp->inp_cred = NULL;
+#endif
 	uma_zfree_smr(pcbinfo->ipi_zone, inp);
 	return (error);
 #endif