diff options
author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-02-05 17:29:06 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2011-02-05 17:29:06 +0000 |
commit | d1d6ddc24641be41f6a4c4f0027877d244936dc2 (patch) | |
tree | b5fa1bab32d72dd5e62f3671438731e726109c31 | |
parent | 4515d91db5080342bab395c673d6d8aabc0bb2ef (diff) |
When a packet with an unusual protocol number got rewritten, the
header lenght was uninitialized. This resulted in a panic in
m_clget(). Initialize hdrlen with 0 and call m_copyback() only if
necessary.
ok henning@
-rw-r--r-- | sys/net/pf.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 3ddad2188f7..59fd5fd3659 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.722 2011/01/22 11:43:57 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.723 2011/02/05 17:29:05 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3047,7 +3047,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, } /* copy back packet headers if we performed NAT operations */ - if (rewrite) + if (rewrite && hdrlen) m_copyback(m, off, hdrlen, pd->hdr.any, M_NOWAIT); #if NPFSYNC > 0 @@ -5517,6 +5517,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m, if (pd->hdr.any == NULL) panic("pf_setup_pdesc: no storage for headers provided"); + *hdrlen = 0; switch (af) { #ifdef INET case AF_INET: { |