git: e85d2c1b0e10 - main - pf: ensure pd->src/pd->dst are valid
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 13 Oct 2024 11:53:17 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=e85d2c1b0e10b1cabd559bc5a45ac4c0286b2d66
commit e85d2c1b0e10b1cabd559bc5a45ac4c0286b2d66
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-10-12 08:40:53 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-10-13 11:51:53 +0000
pf: ensure pd->src/pd->dst are valid
When we reassemble a packet we potentially invalidate the pd->src and pd->dst
pointers as they point into the packet. Reset those after reassembly.
Reported by: markj, KASAN
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pf.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index f5b90424d246..bd8b709e396e 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8708,11 +8708,15 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf **m0,
return (-1);
}
+ /* Update pointers into the packet. */
+ h = mtod(pd->m, struct ip6_hdr *);
+ pd->src = (struct pf_addr *)&h->ip6_src;
+ pd->dst = (struct pf_addr *)&h->ip6_dst;
+
/*
* Reassembly may have changed the next protocol from fragment
* to something else, so update.
*/
- h = mtod(pd->m, struct ip6_hdr *);
pd->virtual_proto = pd->proto = h->ip6_nxt;
pd->off = 0;