git: cf6a7804699f - main - pf: Update a dummy TCP checksum field in pf_test_state_icmp()

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Thu, 20 Mar 2025 02:53:18 UTC
The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=cf6a7804699fee8931af7d5c36b1fddb19d700eb

commit cf6a7804699fee8931af7d5c36b1fddb19d700eb
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-20 01:34:38 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-03-20 02:52:42 +0000

    pf: Update a dummy TCP checksum field in pf_test_state_icmp()
    
    Otherwise the parameter &th.th_sum passed to pf_change_ap() points to
    uninitialized memory, since the portion of the TCP header that we copy
    from the embedded packet doesn't include the initial checksum.  This
    is harmless but triggers a KMSAN violation.
    
    Use a dummy variable instead, initialized to zero, to fix the violation
    and make it clear to the reader that the value isn't used.
    
    Reviewed by:    kp
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D49347
---
 sys/netpfil/pf/pf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 3bf7e0e2077c..dadb3299ff99 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -7905,6 +7905,7 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 			struct tcphdr		 th;
 			u_int32_t		 seq;
 			struct pf_state_peer	*src, *dst;
+			u_int16_t		 dummy_cksum = 0;
 			u_int8_t		 dws;
 			int			 copyback = 0;
 
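Review bot: The new `dummy_cksum` local in the first hunk is declared among the real header locals with no comment, so its role as a discard target is only recoverable from the commit message. A short comment at the declaration, for example `/* th_sum is not in the copied part of th; checksum updates land here and are discarded */`, would carry the stated intent ("make it clear to the reader that the value isn't used") into the source itself.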
@@ -8026,10 +8027,10 @@ pf_test_state_icmp(struct pf_kstate **state, struct pf_pdesc *pd,
 					    nk->af))
 						return (PF_DROP);
 					pf_change_ap(pd->m, pd2.src, &th.th_sport,
-					    pd->ip_sum, &th.th_sum, &nk->addr[pd2.sidx],
+					    pd->ip_sum, &dummy_cksum, &nk->addr[pd2.sidx],
 					    nk->port[sidx], 1, pd->af, nk->af);
 					pf_change_ap(pd->m, pd2.dst, &th.th_dport,
-					    pd->ip_sum, &th.th_sum, &nk->addr[pd2.didx],
+					    pd->ip_sum, &dummy_cksum, &nk->addr[pd2.didx],
 					    nk->port[didx], 1, pd->af, nk->af);
 					m_copyback(pd2.m, pd2.off, 8, (c_caddr_t)&th);
 					PF_ACPY(&pd->nsaddr, &nk->addr[pd2.sidx],
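Review bot: Both `pf_change_ap()` calls in this hunk now write through the same `&dummy_cksum`, which is correct only because the following `m_copyback(pd2.m, pd2.off, 8, (c_caddr_t)&th)` writes back just the first 8 bytes of `th` and so never reaches `th_sum`. That dependency on the literal `8` is implicit; a one-line comment above the calls noting that the TCP checksum lies outside the copied bytes would stop a later change from enlarging the copyback, or from switching back to `&th.th_sum`, without first initializing the rest of the header.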