diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2016-05-28 12:04:34 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2016-05-28 12:04:34 +0000 |
| commit | 1d19df642f31cc2318fa2eadbb88f3d831d1ab28 (patch) | |
| tree | f6473a4a8a83d94b6280edfd29280c78911aba90 /sys | |
| parent | ca7feb5b2d9e86c96aa6063d0dfefa731f2b64e1 (diff) | |
Backout pf.c r1.972, pf_norm.c r1.184, ok claudio
pf_test calls pf_refragment6 with dst=NULL, which is passed down to
rtable_match which attempts to dereference it.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 13 | ||||
| -rw-r--r-- | sys/net/pf_norm.c | 16 |
2 files changed, 4 insertions, 25 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index f7490e1eb69..8e7f4f4e92a 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.972 2016/05/24 05:02:34 mpi Exp $ */ +/* $OpenBSD: pf.c,v 1.973 2016/05/28 12:04:33 sthen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5665,13 +5665,11 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, { struct mbuf *m0; struct sockaddr_in6 *dst, sin6; - struct rtentry *rt = NULL; struct ip6_hdr *ip6; struct ifnet *ifp = NULL; struct pf_addr naddr; struct pf_src_node *sns[PF_SN_MAX]; struct m_tag *mtag; - unsigned int rtableid; if (m == NULL || *m == NULL || r == NULL || (dir != PF_IN && dir != PF_OUT) || oifp == NULL) @@ -5704,7 +5702,6 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, dst->sin6_family = AF_INET6; dst->sin6_len = sizeof(*dst); dst->sin6_addr = ip6->ip6_dst; - rtableid = m0->m_pkthdr.ph_rtableid; if (!r->rt) { m0->m_pkthdr.pf.flags |= PF_TAG_GENERATED; @@ -5757,13 +5754,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, if ((mtag = m_tag_find(m0, PACKET_TAG_PF_REASSEMBLED, NULL))) { (void) pf_refragment6(&m0, mtag, dst, ifp); } else if ((u_long)m0->m_pkthdr.len <= ifp->if_mtu) { - rt = rtalloc(sin6tosa(dst), RT_RESOLVE, rtableid); - if (rt == NULL) { - ip6stat.ip6s_noroute++; - goto bad; - } - nd6_output(ifp, m0, dst, rt); - rtfree(rt); + nd6_output(ifp, m0, dst, NULL); } else { icmp6_error(m0, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu); } diff --git a/sys/net/pf_norm.c b/sys/net/pf_norm.c index a93bf690dd3..227317305c0 100644 --- a/sys/net/pf_norm.c +++ b/sys/net/pf_norm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.184 2016/05/24 05:02:34 mpi Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.185 2016/05/28 12:04:33 sthen Exp $ */ /* * Copyright 2001 Niels Provos <provos@citi.umich.edu> @@ -687,7 +687,6 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst, { struct mbuf *m = *m0, *t; struct pf_fragment_tag *ftag = (struct pf_fragment_tag *)(mtag + 1); - struct rtentry *rt = NULL; u_int32_t mtu; u_int16_t hdrlen, extoff, maxlen; u_int8_t proto; @@ -743,16 +742,6 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst, DPFPRINTF(LOG_NOTICE, "refragment error %d", error); action = PF_DROP; } - - if (ifp == NULL) { - rt = rtalloc(sin6tosa(dst), RT_RESOLVE, - m->m_pkthdr.ph_rtableid); - if (rt == NULL) { - ip6stat.ip6s_noroute++; - error = -1; - } - } - for (t = m; m; m = t) { t = m->m_nextpkt; m->m_nextpkt = NULL; @@ -761,7 +750,7 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst, if (ifp == NULL) { ip6_forward(m, 0); } else if ((u_long)m->m_pkthdr.len <= ifp->if_mtu) { - nd6_output(ifp, m, dst, rt); + nd6_output(ifp, m, dst, NULL); } else { icmp6_error(m, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu); @@ -770,7 +759,6 @@ pf_refragment6(struct mbuf **m0, struct m_tag *mtag, struct sockaddr_in6 *dst, m_freem(m); } } - rtfree(rt); return (action); } |