authorAlexandr Nedvedicky <sashan@cvs.openbsd.org>2020-06-28 06:40:15 +0000
committerAlexandr Nedvedicky <sashan@cvs.openbsd.org>2020-06-28 06:40:15 +0000
commit652b7d3f548bf1687f0d8c186f339685170e17e8 (patch)
tree197d4bec9b7e2e7904a6e6b980f9b1853a0b489a /sys/net
parent458fdac9a760a5e8035a05532fc7f6e8deea58b5 (diff)
state import should accept AF_INET/AF_INET6 only
Reported-by: syzbot+6fef0091252d57113bfb@syzkaller.appspotmail.com ok kn@
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/if_pfsync.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index 515504d38e9..8a486abd97c 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.271 2020/06/24 22:03:43 cheloha Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.272 2020/06/28 06:40:14 sashan Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -489,7 +489,7 @@ pfsync_state_import(struct pfsync_state *sp, int flags)
struct pf_rule *r = NULL;
struct pfi_kif *kif;
int pool_flags;
- int error;
+ int error = ENOMEM;
if (sp->creatorid == 0) {
DPFPRINTF(LOG_NOTICE, "pfsync_state_import: "
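Review bot: The initializer `int error = ENOMEM;` now supplies the return value for every `goto cleanup` that does not assign `error` itself, and nothing at the declaration says so. Since the last hunk removes the assignment under the `cleanup:` label, a later edit that stores a call result in `error` before one of the allocation-failure jumps would return that stale value instead of ENOMEM. I would document the contract at the declaration, e.g. `int error = ENOMEM; /* default for allocation-failure paths; other failures must set it before goto cleanup */`. The rest of the function lies outside this hunk, so whether any existing path already reassigns `error` before an allocation should be checked against the full file.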
@@ -584,6 +584,16 @@ pfsync_state_import(struct pfsync_state *sp, int flags)
}
} else
sks->proto = sp->proto;
+
+ if (((sks->af != AF_INET) && (sks->af != AF_INET6)) ||
+ ((skw->af != AF_INET) && (skw->af != AF_INET6))) {
+ error = EINVAL;
+ goto cleanup;
+ }
+
+ } else if ((sks->af != AF_INET) && (sks->af != AF_INET6)) {
+ error = EINVAL;
+ goto cleanup;
}
st->rtableid[PF_SK_WIRE] = ntohl(sp->rtableid[PF_SK_WIRE]);
st->rtableid[PF_SK_STACK] = ntohl(sp->rtableid[PF_SK_STACK]);
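Review bot: Both new rejection paths (`error = EINVAL; goto cleanup;` in the two-key branch and in the `else if`) discard the state silently, while the `creatorid == 0` rejection earlier in this function reports through `DPFPRINTF(LOG_NOTICE, ...)`. A state carrying an address family other than AF_INET/AF_INET6 is malformed input, and given the syzbot report it is presumably reachable from outside the kernel, so it is worth making visible; I would add a line such as `DPFPRINTF(LOG_NOTICE, "pfsync_state_import: invalid address family");` before each `goto cleanup`. The two tests could probably also be merged into one check after the closing brace, since the cleanup path's `skw == sks` test suggests both pointers name the same key in the single-key case. The enclosing `if` starts outside the hunk, so confirm that against the full function.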
@@ -657,7 +667,6 @@ pfsync_state_import(struct pfsync_state *sp, int flags)
return (0);
cleanup:
- error = ENOMEM;
if (skw == sks)
sks = NULL;
if (skw != NULL)