git: d7e62fc3d719 - stable/14 - pf: ignore state update with invalid rtableid
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 16 Jul 2025 12:47:26 UTC
The branch stable/14 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=d7e62fc3d719469297681919b7bf0ed010b05344
commit d7e62fc3d719469297681919b7bf0ed010b05344
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-07-08 11:21:20 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-07-16 08:06:10 +0000
pf: ignore state update with invalid rtableid
It's possible for a peer to send us a state update with an rtableid we don't
support (i.e. >= net.fibs).
Drop these updates rather than potentially crashing later by setting an invalid
fib number.
PR: 287981
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 4af4fefedd1bf14b5a27387075edde98744b722e)
---
sys/netpfil/pf/if_pfsync.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 64c938ee52ee..8c080b472653 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -699,6 +699,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version)
__func__, msg_version);
}
+ if (! (st->act.rtableid == -1 ||
+ (st->act.rtableid >= 0 && st->act.rtableid < rt_numfibs)))
+ goto cleanup;
+
st->id = sp->pfs_1301.id;
st->creatorid = sp->pfs_1301.creatorid;
pf_state_peer_ntoh(&sp->pfs_1301.src, &st->src);