git: 68ed81631afa - main - ipfilter: Add NULL check for fin_dp in ICMP packet handlers
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 20 May 2026 15:34:53 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=68ed81631afa20c07883f7f60343f6da8397ee41
commit 68ed81631afa20c07883f7f60343f6da8397ee41
Author: Teddy Engel <engel.teddy@gmail.com>
AuthorDate: 2026-05-19 21:36:15 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2026-05-20 15:33:43 +0000
ipfilter: Add NULL check for fin_dp in ICMP packet handlers
Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp()
before dereferencing. When processing packets with IPv6 extension
headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL
due to extension header processing leaving insufficient data for the
protocol header.
PR: 288333
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy@gmail.com>
---
sys/netpfil/ipfilter/netinet/fil.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c
index cabc6c350981..4174fdcc5f58 100644
--- a/sys/netpfil/ipfilter/netinet/fil.c
+++ b/sys/netpfil/ipfilter/netinet/fil.c
@@ -890,6 +890,8 @@ ipf_pr_icmp6(fr_info_t *fin)
ip6_t *ip6;
icmp6 = fin->fin_dp;
+ if (icmp6 == NULL)
+ return;
fin->fin_data[0] = *(u_short *)icmp6;
@@ -1198,6 +1200,8 @@ ipf_pr_icmp(fr_info_t *fin)
}
icmp = fin->fin_dp;
+ if (icmp == NULL)
+ return;
fin->fin_data[0] = *(u_short *)icmp;
fin->fin_data[1] = icmp->icmp_id;