authorMike Frantzen <frantzen@cvs.openbsd.org>2001-11-13 17:45:27 +0000
committerMike Frantzen <frantzen@cvs.openbsd.org>2001-11-13 17:45:27 +0000
commit4c75c57996b8d0f16d87d915465b7dbe8c5e8127 (patch)
tree8dfd09639fae9f0813db72745af2598c59fbcc40
parent1c54c32dbed21241c634e779b49a66d59bffa1b2 (diff)
fix pf from going off into the weeds on an ipv6 icmp packet with certain option
headers. should fix pr #2172 ok dhartmei@
-rw-r--r--sys/net/pf.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index bd51cf545ae..341b68853b4 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.165 2001/11/06 11:48:29 dhartmei Exp $ */
+/* $OpenBSD: pf.c,v 1.166 2001/11/13 17:45:26 frantzen Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3954,12 +3954,8 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
pd2.src = (struct pf_addr *)&h2_6.ip6_src;
pd2.dst = (struct pf_addr *)&h2_6.ip6_dst;
pd2.ip_sum = NULL;
+ off2 = ipoff2 + sizeof(h2_6);
do {
- while (off >= m->m_len) {
- off -= m->m_len;
- m = m->m_next;
- }
-
switch (pd2.proto) {
case IPPROTO_FRAGMENT:
/* XXX we don't handle fagments yet */
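Review bot: The added `off2 = ipoff2 + sizeof(h2_6);` has no comment saying what `off2` is measured from, and with the mbuf-walking loop removed every later header read in this loop depends on that base being right. I would put `/* off2: offset from the start of the packet to the first header after the quoted IPv6 header */` above the assignment. This assumes `pf_pull_hdr()` takes an offset from the start of the mbuf chain, which the call in the next hunk suggests but does not show. The `do` loop and the rest of `pf_test_state_icmp` continue outside this hunk.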
@@ -3969,11 +3965,16 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct ifnet *ifp,
case IPPROTO_ROUTING:
case IPPROTO_DSTOPTS: {
/* get next header and header length */
- struct _opt6 *opt6;
+ struct _opt6 opt6;
- opt6 = (struct _opt6 *)(mtod(m, caddr_t) + off2);
- pd2.proto = opt6->opt6_nxt;
- off2 += (opt6->opt6_hlen + 1) * 8;
+ if (!pf_pull_hdr(m, off2, &opt6,
+ sizeof(opt6), NULL, NULL, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMPv6 short opt\n"));
+ return(PF_DROP);
+ }
+ pd2.proto = opt6.opt6_nxt;
+ off2 += (opt6.opt6_hlen + 1) * 8;
/* goto the next header */
break;
}
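Review bot: The length rule `off2 += (opt6.opt6_hlen + 1) * 8;` is applied to every protocol that reaches this branch, but only the `IPPROTO_ROUTING` and `IPPROTO_DSTOPTS` labels are visible, and the label list may begin above the hunk. The rule is right for headers whose length field counts 8-octet units beyond the first 8 octets; an authentication header counts 4-octet units minus 2 and would need `(hlen + 2) * 4`, so if AH is routed here the walk would land on the wrong bytes. A comment such as `/* hlen: 8-octet units, not counting the first 8 octets */` on that line would make the assumption checkable. Separately, the new `return(PF_DROP)` is reported only through `DPFPRINTF`, and the two `NULL` arguments look like unused action/reason outputs, so this drop may not show up in any counter.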