diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2009-04-11 23:42:06 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2009-04-11 23:42:06 +0000 |
commit | 5ea5c26336c06656aaae78699bf850f6b53cbd57 (patch) | |
tree | 9e81ace19b6c572da4ad6fbc64dbea2fd4ad3dbb | |
parent | 178d9835485d0a2ff24cc1713337c8c654d7eb56 (diff) |
Avoid dereferencing a null pointer when pf attempts to translate a
specifically crafted IP datagram.
Problem noted by Sebastian Rother.
ok henning@ mcbride@ sthen@
-rw-r--r-- | sys/net/pf.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 81c3ca3eab1..9b9b0b3cd2c 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.640 2009/04/06 12:05:55 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.641 2009/04/11 23:42:05 jsing Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5549,6 +5549,15 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, break; } +#ifdef INET6 + case IPPROTO_ICMPV6: { + action = PF_DROP; + DPFPRINTF(PF_DEBUG_MISC, + ("pf: dropping IPv4 packet with ICMPv6 payload\n")); + goto done; + } +#endif + default: action = pf_test_state_other(&s, dir, kif, m, &pd); if (action == PF_PASS) { @@ -5920,6 +5929,13 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, break; } + case IPPROTO_ICMP: { + action = PF_DROP; + DPFPRINTF(PF_DEBUG_MISC, + ("pf: dropping IPv6 packet with ICMPv4 payload\n")); + goto done; + } + case IPPROTO_ICMPV6: { union { struct icmp6_hdr icmp6; |