git: da64fc8609d5 - main - pflog: ensure we can't read outside V_pflogifs
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 19 Feb 2025 10:41:45 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=da64fc8609d53e3b72529c32b76bf1c29bb48e23
commit da64fc8609d53e3b72529c32b76bf1c29bb48e23
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-02-14 08:07:02 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-02-19 10:41:10 +0000
pflog: ensure we can't read outside V_pflogifs
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/if_pflog.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 7c9baaeaba76..016ff96b02b4 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -251,6 +251,9 @@ pflog_packet(uint8_t action, u_int8_t reason,
if (rm == NULL || pd == NULL)
return (1);
+ if (rm->logif > V_npflogifs)
+ return (0);
+
ifn = V_pflogifs[rm->logif];
if (ifn == NULL || !bpf_peers_present(ifn->if_bpf))
return (0);