git: 8e1c23341c0c - main - pf: reduce the risk of src/dst mis-use
Date: Tue, 28 Jun 2022 12:01:28 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8e1c23341c0c1b161f7fe9aa76ca2e399ada9f45 commit 8e1c23341c0c1b161f7fe9aa76ca2e399ada9f45 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-06-23 09:11:55 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-06-28 12:01:07 +0000 pf: reduce the risk of src/dst mis-use NULL out src/dst and check them rather than relying of 'af' to indicate these variables are valid. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35573 --- sys/netpfil/pf/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 94ec0645fdeb..d9664404e6e3 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3860,7 +3860,7 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0)
 struct pf_keth_ruleset *ruleset = NULL;
 struct pf_mtag *mtag;
 struct pf_keth_ruleq *rules;
- struct pf_addr *src, *dst;
+ struct pf_addr *src = NULL, *dst = NULL;
 sa_family_t af = 0;
 uint16_t proto;
 int asd = 0, match = 0;
@@ -3958,13 +3958,13 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0)
 "dst");
 r = TAILQ_NEXT(r, entries);
 }
- else if (af != 0 && PF_MISMATCHAW(&r->ipsrc.addr, src, af,
+ else if (src != NULL && PF_MISMATCHAW(&r->ipsrc.addr, src, af,
 r->ipsrc.neg, kif, M_GETFIB(m))) {
 SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
 "ip_src");
 r = TAILQ_NEXT(r, entries);
 }
- else if (af != 0 && PF_MISMATCHAW(&r->ipdst.addr, dst, af,
+ else if (dst != NULL && PF_MISMATCHAW(&r->ipdst.addr, dst, af,
 r->ipdst.neg, kif, M_GETFIB(m))) {
 SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
 "ip_dst");
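Review bot: When `src` or `dst` is NULL, the `ip_src`/`ip_dst` branches in the second hunk are skipped rather than counted as a mismatch, so a rule that carries an IP address criterion can still match a frame from which no address was extracted. The hunk does not show whether rule loading guarantees that such rules also pin the EtherType, so this should be confirmed. If the skip is intended, state it above the first branch, e.g. `/* No L3 header parsed: IP address criteria are not evaluated. */`. `af` is still passed to PF_MISMATCHAW, so the code now depends on src/dst only ever being set together with `af`; that pairing happens outside both hunks, and an assertion such as `MPASS(src == NULL || af != 0);` ahead of the rule loop would make it explicit. pf_test_eth_rule starts and ends outside these hunks.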