git: 8e1c23341c0c - main - pf: reduce the risk of src/dst mis-use
Date: Tue, 28 Jun 2022 12:01:28 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=8e1c23341c0c1b161f7fe9aa76ca2e399ada9f45
commit 8e1c23341c0c1b161f7fe9aa76ca2e399ada9f45
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-06-23 09:11:55 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-06-28 12:01:07 +0000
pf: reduce the risk of src/dst mis-use
NULL out src/dst and check them rather than relying on 'af' to indicate
these variables are valid.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35573
---
sys/netpfil/pf/pf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 94ec0645fdeb..d9664404e6e3 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3860,7 +3860,7 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0)
struct pf_keth_ruleset *ruleset = NULL;
struct pf_mtag *mtag;
struct pf_keth_ruleq *rules;
- struct pf_addr *src, *dst;
+ struct pf_addr *src = NULL, *dst = NULL;
sa_family_t af = 0;
uint16_t proto;
int asd = 0, match = 0;
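Review bot: The NULL initialisers on `src` and `dst` now act as a sentinel that the rule loop tests, but nothing at the declaration says so. A short comment on that line would keep a later edit from dropping the initialisers or dereferencing the pointers unguarded, for example `/* NULL unless an L3 header was parsed; checked before each ip_src/ip_dst match */`. The code that assigns the pointers is outside this hunk, so the wording should be checked against it.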
@@ -3958,13 +3958,13 @@ pf_test_eth_rule(int dir, struct pfi_kkif *kif, struct mbuf **m0)
"dst");
r = TAILQ_NEXT(r, entries);
}
- else if (af != 0 && PF_MISMATCHAW(&r->ipsrc.addr, src, af,
+ else if (src != NULL && PF_MISMATCHAW(&r->ipsrc.addr, src, af,
r->ipsrc.neg, kif, M_GETFIB(m))) {
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
"ip_src");
r = TAILQ_NEXT(r, entries);
}
- else if (af != 0 && PF_MISMATCHAW(&r->ipdst.addr, dst, af,
+ else if (dst != NULL && PF_MISMATCHAW(&r->ipdst.addr, dst, af,
r->ipdst.neg, kif, M_GETFIB(m))) {
SDT_PROBE3(pf, eth, test_rule, mismatch, r->nr, r,
"ip_dst");
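Review bot: Both rewritten conditions still pass `af` to `PF_MISMATCHAW`, but `af` is no longer tested, so the match now relies on every path that sets `src`/`dst` also setting `af`. Those assignments are outside the hunk, so this cannot be confirmed from here. An assertion ahead of the rule loop would make the pairing explicit, for example `MPASS(src == NULL || af != 0);` with a matching line for `dst`. It would also help to note in a comment that a rule carrying `ipsrc`/`ipdst` is not treated as a mismatch when the pointer is NULL, assuming that is the intended handling for frames without an IP header.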