git: b778bbead38a - releng/13.3 - pf: some ICMP types that also have icmp_id, pointed out by markus@

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Wed, 07 Aug 2024 13:44:54 UTC
The branch releng/13.3 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b778bbead38ae9efa366a3542441c451e8fb1660

commit b778bbead38ae9efa366a3542441c451e8fb1660
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-07-10 11:32:03 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-08-07 13:37:24 +0000

    pf: some ICMP types that also have icmp_id, pointed out by markus@
    
    ok henning markus
    
    Approved by:    so
    Security:       FreeBSD-SA-24:05.pf
    Security:       CVE-2024-6640
    MFC after:      1 day
    Obtained From:  OpenBSD, mcbride <mcbride@openbsd.org> 8c0632cd274b
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2)
---
 sys/netpfil/pf/pf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 1bdc695f698c..b0ef27b2e462 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1720,21 +1720,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
 		*icmp_dir = PF_IN;
 	case ICMP_TSTAMPREPLY:
 		*icmptype = ICMP_TSTAMP;
-		*icmpid = 0; /* Time is not a secret. */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_IREQ:
 		*icmp_dir = PF_IN;
 	case ICMP_IREQREPLY:
 		*icmptype = ICMP_IREQ;
-		*icmpid = 0; /* Nothing sane to match on! */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_MASKREQ:
 		*icmp_dir = PF_IN;
 	case ICMP_MASKREPLY:
 		*icmptype = ICMP_MASKREQ;
-		*icmpid = 0; /* Nothing sane to match on! */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_IPV6_WHEREAREYOU: