diff options
| author |   bluhm <bluhm@openbsd.org> | 2011-02-05 17:29:05 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2011-02-05 17:29:05 +0000 |
| commit | 0fb0da3d3d18a0905d29f3ff2d9e4d6401c5a978 (patch) | |
| tree | 7575d144a81ae86a346ec3ab8deb7a1516fe553d | |
| parent | * merge 'onqueue' and 'running' members of struct usb_task into (diff) | |
| download | wireguard-openbsd-0fb0da3d3d18a0905d29f3ff2d9e4d6401c5a978.tar.xz wireguard-openbsd-0fb0da3d3d18a0905d29f3ff2d9e4d6401c5a978.zip | |
When a packet with an unusual protocol number got rewritten, the
header lenght was uninitialized. This resulted in a panic in
m_clget(). Initialize hdrlen with 0 and call m_copyback() only if
necessary.
ok henning@
| -rw-r--r-- | sys/net/pf.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 3ddad2188f7..59fd5fd3659 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.722 2011/01/22 11:43:57 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.723 2011/02/05 17:29:05 bluhm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3047,7 +3047,7 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, } /* copy back packet headers if we performed NAT operations */ - if (rewrite) + if (rewrite && hdrlen) m_copyback(m, off, hdrlen, pd->hdr.any, M_NOWAIT); #if NPFSYNC > 0 @@ -5517,6 +5517,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc *pd, struct mbuf *m, if (pd->hdr.any == NULL) panic("pf_setup_pdesc: no storage for headers provided"); + *hdrlen = 0; switch (af) { #ifdef INET case AF_INET: { |