git: 7b0b4fca080e - main - pfctl: getifaddrs() can return entries where ifa_addr is NULL
Date: Tue, 15 Jul 2025 10:07:56 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=7b0b4fca080e818e5cf2559453345b6057d33064
commit 7b0b4fca080e818e5cf2559453345b6057d33064
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-08 09:48:52 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-15 07:55:30 +0000
pfctl: getifaddrs() can return entries where ifa_addr is NULL
Check for this before accessing anything in ifa_addr.
ok claudio@
Obtained from: OpenBSD, benno <benno@openbsd.org>, ff7f497850
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sbin/pfctl/pfctl_parser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index bd2c10c8080f..cc2b03ec211f 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1483,7 +1483,8 @@ ifa_load(void)
err(1, "getifaddrs");
for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
- if (!(ifa->ifa_addr->sa_family == AF_INET ||
+ if (ifa->ifa_addr == NULL ||
+ !(ifa->ifa_addr->sa_family == AF_INET ||
ifa->ifa_addr->sa_family == AF_INET6 ||
ifa->ifa_addr->sa_family == AF_LINK))
continue;