diff options
| author |   jsg <jsg@openbsd.org> | 2015-08-03 13:33:12 +0000 |
|---|---|---|
| committer | jsg <jsg@openbsd.org> | 2015-08-03 13:33:12 +0000 |
| commit | 8972f59e243057842a74e039f3c21082d09b62b6 (patch) | |
| tree | b861c10b0d495b78012308bc108a677ecbaa0939 | |
| parent | On mips64, enable IPIs before calling refreshcreds() in trap(), to (diff) | |
| download | wireguard-openbsd-8972f59e243057842a74e039f3c21082d09b62b6.tar.xz wireguard-openbsd-8972f59e243057842a74e039f3c21082d09b62b6.zip | |
A recently added sanity check panic in pf_postprocess_addr() was
triggered for a reply-to rule. It turns out this case has been using
uninitialised memory as if it were a valid pf pool.
As the rest of the function assumes a valid pool for now just return.
Problem reported by RD Thrush.
ok jung@ mikeb@
| -rw-r--r-- | sys/net/pf_lb.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pf_lb.c b/sys/net/pf_lb.c index 4e8d0cd4999..6a8ea988d1d 100644 --- a/sys/net/pf_lb.c +++ b/sys/net/pf_lb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_lb.c,v 1.48 2015/07/20 18:42:08 jsg Exp $ */ +/* $OpenBSD: pf_lb.c,v 1.49 2015/08/03 13:33:12 jsg Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -873,7 +873,7 @@ pf_postprocess_addr(struct pf_state *cur) else if (nr->route.addr.type != PF_ADDR_NONE) rpool = nr->route; else - panic("no appropriate pool"); + return (0); if (((rpool.opts & PF_POOL_TYPEMASK) != PF_POOL_LEASTSTATES)) return (0); |