author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-05-10 11:36:25 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2013-05-10 11:36:25 +0000 |
commit | 107af1f28831acb7f690ef701f32804449f24dbc (patch) | |
tree | 5b810bac06b931c0b3f24d8ac21fa3cfac199be1 /sys/net/pfvar.h | |
parent | 4fc4909f5039ce3c9ee294c8017fe0f2c4be0199 (diff) |
Since pf_state_key_attach can decide to free the provided state
key we need to sync our state key pointers with whatever values
the function will pick. Not doing so will produce wrong results
if address translation must be applied afterwards and we happen
to have a state key collision. Then pf_translate will follow an
old pointer and punch in garbage addresses into the packet.
Noticed, initial patch and tests by Vitaly Sinilin <vs @ kp4 ! ru>
ok tedu, henning
Diffstat (limited to 'sys/net/pfvar.h')
-rw-r--r-- | sys/net/pfvar.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index 6da20f48bf1..6d255b47a10 100644 --- a/sys/net/pfvar.h +++ b/sys/net/pfvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfvar.h,v 1.378 2013/05/03 15:33:47 florian Exp $ */ +/* $OpenBSD: pfvar.h,v 1.379 2013/05/10 11:36:24 mikeb Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1750,8 +1750,8 @@ extern void pf_purge_expired_states(u_int32_t); extern void pf_unlink_state(struct pf_state *); extern void pf_free_state(struct pf_state *); extern int pf_state_insert(struct pfi_kif *, - struct pf_state_key *, - struct pf_state_key *, + struct pf_state_key **, + struct pf_state_key **, struct pf_state *); int pf_insert_src_node(struct pf_src_node **, struct pf_rule *, enum pf_sn_types, |
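Review bot: In the second hunk (the `pf_state_insert` prototype at line 1750), the two `struct pf_state_key **` arguments are now in/out parameters, but nothing at the declaration says so and the parameters are unnamed. Per the commit message, `pf_state_key_attach` may free the key passed in, so after the call the caller's pointer can refer to a different key. I would add a short comment above the prototype stating that the function may replace `*skw` / `*sks` (or whatever names are used in the definition) and that callers must not hold or dereference copies of the old pointers after the call returns. The diffstat here is limited to `sys/net/pfvar.h`, so it is also worth confirming in the rest of the commit that every caller passes the address of the variable it later uses for translation rather than the address of a temporary copy.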