From 410d228cc325ff2151e99654661c9778c277fc8c Mon Sep 17 00:00:00 2001
From: Ryan Thomas McBride <mcbride@cvs.openbsd.org>
Date: Sat, 7 Mar 2009 01:15:42 +0000
Subject: Make sure pd2 has a pointer to the icmp header in the payload; fixes
 panic seen with some some icmp types in icmp error message payloads.

Reported by david@ and insan.praja@gmail.com
---
 sys/net/pf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'sys/net/pf.c')

diff --git a/sys/net/pf.c b/sys/net/pf.c
index 35163548410..15a629cd147 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf.c,v 1.635 2009/03/05 03:09:37 mcbride Exp $ */
+/*	$OpenBSD: pf.c,v 1.636 2009/03/07 01:15:41 mcbride Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -4431,7 +4431,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				return (PF_DROP);
 			}
 
-			icmpid = iih.icmp_id;
+			pd2.hdr.icmp = &iih;
 			pf_icmp_mapping(&pd2, iih.icmp_type,
 			    &icmp_dir, &multi, &virtual_id, &virtual_type);
 
@@ -4487,6 +4487,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				return (PF_DROP);
 			}
 
+			pd2.hdr.icmp6 = &iih;
 			pf_icmp_mapping(&pd2, iih.icmp6_type,
 			    &icmp_dir, &multi, &virtual_id, &virtual_type);
 			ret = pf_icmp_state_lookup(&key, &pd2, state, m,
-- 
cgit v1.2.3