From: Kristof Provost
Date: Tue, 28 Jun 2022 08:43:42 GMT
Message-Id: <202206280843.25S8hgu6097843@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: fd72bfa626bc - main - pf: ensure mbufs are long enough before we copy out IP(v6) headers
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Commit: fd72bfa626bcb9950eb2b057f224a7236e85e0af

The branch main has been updated by kp:

URL:
https://cgit.FreeBSD.org/src/commit/?id=fd72bfa626bcb9950eb2b057f224a7236e85e0af commit fd72bfa626bcb9950eb2b057f224a7236e85e0af Author: Kristof Provost AuthorDate: 2022-06-24 07:41:00 +0000 Commit: Kristof Provost CommitDate: 2022-06-28 08:31:23 +0000 pf: ensure mbufs are long enough before we copy out IP(v6) headers This isn't likely to be an issue on real hardware (as Ethernet has a minimal packet length of 64 bytes), but can cause panics with short packets on if_epair. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 275e1fcdbeb4..94ec0645fdeb 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3899,6 +3899,10 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0) switch (proto) { #ifdef INET case ETHERTYPE_IP: { + if (m_length(m, NULL) < (sizeof(struct ether_header) + + sizeof(ip))) + return (PF_DROP); + af = AF_INET; m_copydata(m, sizeof(struct ether_header), sizeof(ip), (caddr_t)&ip); @@ -3909,6 +3913,10 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0) #endif /* INET */ #ifdef INET6 case ETHERTYPE_IPV6: { + if (m_length(m, NULL) < (sizeof(struct ether_header) + + sizeof(ip6))) + return (PF_DROP); + af = AF_INET6; m_copydata(m, sizeof(struct ether_header), sizeof(ip6), (caddr_t)&ip6);
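
Review bot: In the first hunk (case ETHERTYPE_IP), the new return (PF_DROP) leaves pf_test_eth_rule() from inside the switch, so please confirm that nothing set up earlier in the function expects to be undone or recorded on this path, and that the caller disposes of *m0 when it sees PF_DROP. Separately, m_length(m, NULL) walks the whole mbuf chain on every IPv4 frame; if the mbuf reaching this point always carries a packet header, comparing m->m_pkthdr.len against sizeof(struct ether_header) + sizeof(ip) gives the same result without the walk.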
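
Review bot: The second hunk (case ETHERTYPE_IPV6) repeats the length test from the IPv4 case with only the sizeof operand changed, and neither copy carries a comment saying why it is there. A one-line comment above each check stating that m_copydata() must not be asked for more bytes than the chain holds, or a small shared helper that takes the header size, would make the intent clear to the next reader and keep the two cases from drifting apart. The drop is also silent in both cases; consider whether a counter or probe on this path would help when diagnosing short frames such as the if_epair ones the commit message mentions.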