git: b778bbead38a - releng/13.3 - pf: some ICMP types that also have icmp_id, pointed out by markus@
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 07 Aug 2024 13:44:54 UTC
The branch releng/13.3 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b778bbead38ae9efa366a3542441c451e8fb1660 commit b778bbead38ae9efa366a3542441c451e8fb1660 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-07-10 11:32:03 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-08-07 13:37:24 +0000 pf: some ICMP types that also have icmp_id, pointed out by markus@ ok henning markus Approved by: so Security: FreeBSD-SA-24:05.pf Security: CVE-2024-6640 MFC after: 1 day Obtained From: OpenBSD, mcbride <mcbride@openbsd.org> 8c0632cd274b Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2) --- sys/netpfil/pf/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 1bdc695f698c..b0ef27b2e462 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -1720,21 +1720,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type, *icmp_dir = PF_IN; case ICMP_TSTAMPREPLY: *icmptype = ICMP_TSTAMP; - *icmpid = 0; /* Time is not a secret. */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IREQ: *icmp_dir = PF_IN; case ICMP_IREQREPLY: *icmptype = ICMP_IREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_MASKREQ: *icmp_dir = PF_IN; case ICMP_MASKREPLY: *icmptype = ICMP_MASKREQ; - *icmpid = 0; /* Nothing sane to match on! */ + *icmpid = pd->hdr.icmp.icmp_id; break; case ICMP_IPV6_WHEREAREYOU: