git: d3c0dff16c2d - releng/14.3 - pf: Fix hashing of IP address ranges

From: Philip Paeps <philip_at_FreeBSD.org>
Date: Thu, 26 Mar 2026 01:16:03 UTC 
The branch releng/14.3 has been updated by philip:

URL: https://cgit.FreeBSD.org/src/commit/?id=d3c0dff16c2d1f871b9fe26234df986c85823f6d

commit d3c0dff16c2d1f871b9fe26234df986c85823f6d
Author:     Michael Gmelin <grembo@FreeBSD.org>
AuthorDate: 2026-03-12 14:18:09 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2026-03-25 16:13:06 +0000

    pf: Fix hashing of IP address ranges
    
    This corrects the false detection of duplicate rules.
    
    Approved by:    so
    Security:       FreeBSD-SA-26:09.pf
    Security:       CVE-2026-4748
    Reviewed by:    kp
    
    (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc)
    (cherry picked from commit ac6bb58a715eaf0afb7a80dc87083f9819e10ac1)
---
 sys/netpfil/pf/pf_ioctl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index d95f36d06ee3..898bfafcee21 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1264,6 +1264,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr)
 			PF_MD5_UPD(pfr, addr.v.tblname);
 			break;
 		case PF_ADDR_ADDRMASK:
+		case PF_ADDR_RANGE:
 			/* XXX ignore af? */
 			PF_MD5_UPD(pfr, addr.v.a.addr.addr32);
 			PF_MD5_UPD(pfr, addr.v.a.mask.addr32);