git: c95f99c0abb3 - releng/14.1 - pf: some ICMP types that also have icmp_id, pointed out by markus@

The branch releng/14.1 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=c95f99c0abb31b4d68f9672aa85a8e248a159f6f

commit c95f99c0abb31b4d68f9672aa85a8e248a159f6f
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-07-10 11:32:03 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-08-07 13:32:00 +0000

    pf: some ICMP types that also have icmp_id, pointed out by markus@
    
    ok henning markus
    
    Approved by:    so
    Security:       FreeBSD-SA-24:05.pf
    Security:       CVE-2024-6640
    MFC after:      1 day
    Obtained From:  OpenBSD, mcbride <mcbride@openbsd.org> 8c0632cd274b
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2)
    (cherry picked from commit c5081b8d3918564c1aba5a5e3f0a5219568e3435)
---
 sys/netpfil/pf/pf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 3212a1443f63..b4c310796cf4 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1766,21 +1766,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
 		*icmp_dir = PF_IN;
 	case ICMP_TSTAMPREPLY:
 		*icmptype = ICMP_TSTAMP;
-		*icmpid = 0; /* Time is not a secret. */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_IREQ:
 		*icmp_dir = PF_IN;
 	case ICMP_IREQREPLY:
 		*icmptype = ICMP_IREQ;
-		*icmpid = 0; /* Nothing sane to match on! */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_MASKREQ:
 		*icmp_dir = PF_IN;
 	case ICMP_MASKREPLY:
 		*icmptype = ICMP_MASKREQ;
-		*icmpid = 0; /* Nothing sane to match on! */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_IPV6_WHEREAREYOU: