diff options
author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2009-03-07 01:15:42 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2009-03-07 01:15:42 +0000 |
commit | 410d228cc325ff2151e99654661c9778c277fc8c (patch) | |
tree | aef7eda0645d6e576d4733bacd2d806625186a25 | |
parent | b22a81d6b274dbea0a388b02bf4d0038bbd91f7f (diff) |
Make sure pd2 has a pointer to the icmp header in the payload; fixes
panic seen with some some icmp types in icmp error message payloads.
Reported by david@ and insan.praja@gmail.com
-rw-r--r-- | sys/net/pf.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 35163548410..15a629cd147 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.635 2009/03/05 03:09:37 mcbride Exp $ */ +/* $OpenBSD: pf.c,v 1.636 2009/03/07 01:15:41 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -4431,7 +4431,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, return (PF_DROP); } - icmpid = iih.icmp_id; + pd2.hdr.icmp = &iih; pf_icmp_mapping(&pd2, iih.icmp_type, &icmp_dir, &multi, &virtual_id, &virtual_type); @@ -4487,6 +4487,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif, return (PF_DROP); } + pd2.hdr.icmp6 = &iih; pf_icmp_mapping(&pd2, iih.icmp6_type, &icmp_dir, &multi, &virtual_id, &virtual_type); ret = pf_icmp_state_lookup(&key, &pd2, state, m, |