git: 646b453110aa - main - pf: fix pf_ioctl_add_addr() validation
Date: Thu, 10 Apr 2025 13:37:18 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=646b453110aa78abef24f507e7ef4562a7109897
commit 646b453110aa78abef24f507e7ef4562a7109897
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-04-10 11:49:03 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-10 13:36:41 +0000
pf: fix pf_ioctl_add_addr() validation
Ensure we can only pass AF_UNSPEC, AF_INET or AF_INET6 (and only when supported in our kernel config).
Reported-by: syzbot+8a9ee157bfed9e6b9efc@syzkaller.appspotmail.com
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_ioctl.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 3ee5173c1313..44da2e156ce2 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2571,14 +2571,20 @@ pf_ioctl_add_addr(struct pf_nl_pooladdr *pp)
 pp->which != PF_RT)
 return (EINVAL);

-#ifndef INET
- if (pp->af == AF_INET)
- return (EAFNOSUPPORT);
+ switch (pp->af) {
+#ifdef INET
+ case AF_INET:
+ /* FALLTHROUGH */
 #endif /* INET */
-#ifndef INET6
- if (pp->af == AF_INET6)
- return (EAFNOSUPPORT);
+#ifdef INET6
+ case AF_INET6:
+ /* FALLTHROUGH */
 #endif /* INET6 */
+ case AF_UNSPEC:
+ break;
+ default:
+ return (EAFNOSUPPORT);
+ }

 if (pp->addr.addr.type != PF_ADDR_ADDRMASK &&
 pp->addr.addr.type != PF_ADDR_DYNIFTL &&
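Review bot: The new `switch (pp->af)` deliberately lets `AF_UNSPEC` through, but nothing in the code says why a pool address with no family is acceptable or what the code after the switch may assume about `pp->af`, so a later reader cannot tell an intended allowance from a gap in the allow-list. A comment above the switch would record the contract, for example `/* af is caller-supplied: accept only families built into this kernel, plus AF_UNSPEC; everything else is rejected here. */`. Since the report came from syzbot, a regression case that submits an out-of-range `af` and expects `EAFNOSUPPORT` would keep this check from silently reverting to a deny-list. The rest of pf_ioctl_add_addr() lies outside the hunk, so whether the later address-type checks also tie the address contents to the chosen family is not visible here.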