cvs commit: src/sys/contrib/pf/net pf.c
Daniel Hartmeier
dhartmei at FreeBSD.org
Sun Dec 19 11:43:04 PST 2004
dhartmei 2004-12-19 19:43:04 UTC
FreeBSD src repository
Modified files:
sys/contrib/pf/net pf.c
Log:
Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'

ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop,
possibly allowing a NATed LAN client to lock up the kernel.
PR: kern/74930
Reported and tested by: Hugo Silva, Srebrenko Sehic
MFC after: 3 days
Revision  Changes    Path
1.25      +5 -3      src/sys/contrib/pf/net/pf.c
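
A simplified model of the failure the log describes, added here as an illustration and not taken from pf.c or from the committer. All names, the pool addresses 10 and 11, and the assumption that the mismatched check built its key from 0 instead of the ICMP ID are hypothetical; the loop is capped at MAX_TRIES so the non-terminating case can be observed.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model with hypothetical names; not pf's data structures or code. */
enum { TABLE_MAX = 8, MAX_TRIES = 1000 };
struct key { unsigned addr; unsigned short port; };   /* ICMP states only */
static struct key table[TABLE_MAX];
static size_t table_len;
static bool table_has(struct key k) {
    for (size_t i = 0; i < table_len; i++)
        if (table[i].addr == k.addr && table[i].port == k.port)
            return true;
    return false;
}
/* Insertion keys an ICMP state on the ICMP ID and refuses duplicates. */
static bool state_insert(unsigned addr, unsigned short icmp_id) {
    struct key k = { addr, icmp_id };
    if (table_has(k) || table_len == TABLE_MAX)
        return false;
    table[table_len++] = k;
    return true;
}
/* Constructed sample: both pool addresses already hold an ICMP state, ID 0. */
static void seed_table(void) {
    table_len = 0;
    state_insert(10, 0);
    state_insert(11, 0);
}
/* consistent=false: key built from another value (assumed 0), not the ICMP ID. */
static bool key_usable(unsigned addr, unsigned short icmp_id, bool consistent) {
    struct key k = { addr, consistent ? icmp_id : 0 };
    return !table_has(k);
}
/* Fixed port, round-robin over the pool. Returns tries used on success,
 * 0 after a clean wrap-around, -1 if cut off (an endless loop in a kernel). */
static int pick_addr(unsigned short icmp_id, bool consistent, bool init_set) {
    static const unsigned pool[] = { 10, 11 };
    size_t idx = 0;
    unsigned init_addr = init_set ? pool[0] : 0xdeadbeefu; /* unset: stale */
    for (int tries = 1; tries <= MAX_TRIES; tries++) {
        if (key_usable(pool[idx], icmp_id, consistent))
            return tries;
        idx = (idx + 1) % 2;
        if (pool[idx] == init_addr)
            return 0;
    }
    return -1;
}
int main(void) { seed_table(); return pick_addr(7, true, true) == 1 ? 0 : 1; }
```

With the mismatched check, ICMP ID 7 is rejected on every pool address even though state_insert() would accept it; whether the loop then stops depends only on init_addr having been set.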