svn commit: r257224 - head/sys/netpfil/pf

Baptiste Daroussin bapt at FreeBSD.org
Sun Oct 27 20:52:10 UTC 2013


Author: bapt
Date: Sun Oct 27 20:52:09 2013
New Revision: 257224
URL: http://svnweb.freebsd.org/changeset/base/257224

Log:
  Improt pf.c 1.636 from OpenBSD
  
  Original log:
  Make sure pd2 has a pointer to the icmp header in the payload; fixes
  panic seen with some some icmp types in icmp error message payloads.
  
  Obtained from:	OpenBSD

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Sun Oct 27 20:44:42 2013	(r257223)
+++ head/sys/netpfil/pf/pf.c	Sun Oct 27 20:52:09 2013	(r257224)
@@ -4994,7 +4994,7 @@ pf_test_state_icmp(struct pf_state **sta
 				return (PF_DROP);
 			}
 
-			icmpid = iih.icmp_id;
+			pd2.hdr.icmp = &iih;
 			pf_icmp_mapping(&pd2, iih.icmp_type,
 			    &icmp_dir, &multi, &virtual_id, &virtual_type);
 
@@ -5049,6 +5049,7 @@ pf_test_state_icmp(struct pf_state **sta
 				return (PF_DROP);
 			}
 
+			pd2.hdr.icmp6 = &iih;
 			pf_icmp_mapping(&pd2, iih.icmp6_type,
 			    &icmp_dir, &multi, &virtual_id, &virtual_type);
 			ret = pf_icmp_state_lookup(&key, &pd2, state, m,


More information about the svn-src-head mailing list