git: da64fc8609d5 - main - pflog: ensure we can't read outside V_pflogifs

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 19 Feb 2025 10:41:45 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=da64fc8609d53e3b72529c32b76bf1c29bb48e23

commit da64fc8609d53e3b72529c32b76bf1c29bb48e23
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-02-14 08:07:02 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-02-19 10:41:10 +0000

    pflog: ensure we can't read outside V_pflogifs
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/if_pflog.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 7c9baaeaba76..016ff96b02b4 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -251,6 +251,9 @@ pflog_packet(uint8_t action, u_int8_t reason,
 	if (rm == NULL || pd == NULL)
 		return (1);
 
+	if (rm->logif > V_npflogifs)
+		return (0);
+
 	ifn = V_pflogifs[rm->logif];
 	if (ifn == NULL || !bpf_peers_present(ifn->if_bpf))
 		return (0);