authorHenning Brauer <henning@cvs.openbsd.org>2008-07-22 12:31:36 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2008-07-22 12:31:36 +0000
commit4a079fcf0de1c904c3e4ec3f80d833bcca9f0a7b (patch)
tree70c50f6f2a71652c3bdbe61306c4db80abf6eeb5 /sys
parent704888d9ed4cd8258d1d918a7483fd0fac6d97d4 (diff)
after pf_state_key_attach nothing must use the state keys passed to it any
more, since they might have been invalidated and free'd. one synproxy error path did so, however. just get the state keys from the state itself. ok david mcbride
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 748527cc18f..7492a5dca91 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.612 2008/07/21 15:58:59 david Exp $ */
+/* $OpenBSD: pf.c,v 1.613 2008/07/22 12:31:35 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3537,12 +3537,15 @@ pf_create_state(struct pf_rule *r, struct pf_rule *nr, struct pf_rule *a,
s->src.state = PF_TCPS_PROXY_SRC;
/* undo NAT changes, if they have taken place */
if (nr != NULL) {
- PF_ACPY(pd->src, &sk->addr[pd->sidx], pd->af);
- PF_ACPY(pd->dst, &sk->addr[pd->didx], pd->af);
+ struct pf_state_key *skt = s->key[PF_SK_WIRE];
+ if (pd->dir == PF_OUT)
+ skt = s->key[PF_SK_STACK];
+ PF_ACPY(pd->src, &skt->addr[pd->sidx], pd->af);
+ PF_ACPY(pd->dst, &skt->addr[pd->didx], pd->af);
if (pd->sport)
- *pd->sport = sk->port[pd->sidx];
+ *pd->sport = skt->port[pd->sidx];
if (pd->dport)
- *pd->dport = sk->port[pd->didx];
+ *pd->dport = skt->port[pd->didx];
if (pd->proto_sum)
*pd->proto_sum = bproto_sum;
if (pd->ip_sum)
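Review bot: The new `skt` lookup in the synproxy undo-NAT branch has no comment explaining why the keys are re-read from `s` instead of taken from `sk`, so a later cleanup could quietly reintroduce the use of a freed key. I would add `/* sk/nk may have been freed by pf_state_key_attach(); only the keys attached to s are valid here */` above the `skt` declaration, and note there that the pre-NAT key is the wire key for inbound packets and the stack key for `PF_OUT`. The `sk` pointer presumably remains in scope for the rest of pf_create_state, whose body starts and ends outside this hunk. It is worth confirming that no other path after the attach call still dereferences `sk` or `nk`. Clearing both right after the attach would make any leftover use fail immediately instead of reading freed memory.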