diff options
| author | Richard Procter <procter@cvs.openbsd.org> | 2016-11-22 19:29:55 +0000 |
|---|---|---|
| committer | Richard Procter <procter@cvs.openbsd.org> | 2016-11-22 19:29:55 +0000 |
| commit | 04e8f9c4391809bffde6bd47e6fefb07e7a5964f (patch) | |
| tree | badfbe4f412b04af1ca98c95ef1a98d73031e7e7 /sys/net/if_pfsync.c | |
| parent | fe4ea9bd743167611749f63880194860c1abf9f0 (diff) | |
Fold union pf_headers buffer into struct pf_pdesc (enabled by pfvar_priv.h).
Prevent pf_socket_lookup() reading uninitialised header buffers on fragments.
OK blum@ sashan@
Diffstat (limited to 'sys/net/if_pfsync.c')
| -rw-r--r-- | sys/net/if_pfsync.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c index 3818e1a6777..691123053b0 100644 --- a/sys/net/if_pfsync.c +++ b/sys/net/if_pfsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.237 2016/11/14 13:25:00 bluhm Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.238 2016/11/22 19:29:54 procter Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -1733,7 +1733,6 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) { struct pfsync_softc *sc = pfsyncif; struct pf_pdesc pdesc; - union pf_headers pdhdrs; splsoftassert(IPL_SOFTNET); @@ -1745,7 +1744,7 @@ pfsync_undefer(struct pfsync_deferral *pd, int drop) m_freem(pd->pd_m); else { if (pd->pd_st->rule.ptr->rt == PF_ROUTETO) { - if (pf_setup_pdesc(&pdesc, &pdhdrs, + if (pf_setup_pdesc(&pdesc, pd->pd_st->key[PF_SK_WIRE]->af, pd->pd_st->direction, pd->pd_st->rt_kif, pd->pd_m, NULL) != PF_PASS) { |