[src/trunk]: src/sys/dist/pf/net Merge in a fix from OPENBSD_3_6.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/dist/pf/net Merge in a fix from OPENBSD_3_6.
From: peter <peter%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 16:23:12 +0000

details:   https://anonhg.NetBSD.org/src/rev/6f159a9b7fb4
branches:  trunk
changeset: 573919:6f159a9b7fb4
user:      peter <peter%NetBSD.org@localhost>
date:      Mon Feb 14 21:27:26 2005 +0000

description:
Merge in a fix from OPENBSD_3_6.
ok yamt@

> MFC:
> Fix by dhartmei@
>
> ICMP state entries use the ICMP ID as port for the unique state key. When
> checking for a usable key, construct the key in the same way. Otherwise,
> a colliding key might be missed or a state insertion might be refused even
> though it could be inserted. The second case triggers the endless loop
> fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
> Report and test data by Srebrenko Sehic.

diffstat:

 sys/dist/pf/net/pf.c |  10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diffs (38 lines):

diff -r b95432c0911d -r 6f159a9b7fb4 sys/dist/pf/net/pf.c
--- a/sys/dist/pf/net/pf.c      Mon Feb 14 20:46:26 2005 +0000
+++ b/sys/dist/pf/net/pf.c      Mon Feb 14 21:27:26 2005 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: pf.c,v 1.11 2004/12/21 12:06:37 peter Exp $    */
-/*     $OpenBSD: pf.c,v 1.457.2.6 2004/12/19 18:48:57 brad Exp $ */
+/*     $NetBSD: pf.c,v 1.12 2005/02/14 21:27:26 peter Exp $    */
+/*     $OpenBSD: pf.c,v 1.457.2.7 2005/01/06 14:11:56 brad Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -2056,7 +2056,7 @@
                 * similar 2 portloop in in_pcbbind
                 */
                if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP)) {
-                       key.gwy.port = 0;
+                       key.gwy.port = dport;
                        if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL)
                                return (0);
                } else if (low == 0 && high == 0) {
@@ -3287,7 +3287,7 @@
        if (direction == PF_OUT) {
                /* check outgoing packet for BINAT/NAT */
                if ((nr = pf_get_translation(pd, m, off, PF_OUT, kif, &nsn,
-                   saddr, 0, daddr, 0, &pd->naddr, NULL)) != NULL) {
+                   saddr, icmpid, daddr, icmpid, &pd->naddr, NULL)) != NULL) {
                        PF_ACPY(&pd->baddr, saddr, af);
                        switch (af) {
 #ifdef INET
@@ -3311,7 +3311,7 @@
        } else {
                /* check incoming packet for BINAT/RDR */
                if ((nr = pf_get_translation(pd, m, off, PF_IN, kif, &nsn,
-                   saddr, 0, daddr, 0, &pd->naddr, NULL)) != NULL) {
+                   saddr, icmpid, daddr, icmpid, &pd->naddr, NULL)) != NULL) {
                        PF_ACPY(&pd->baddr, daddr, af);
                        switch (af) {
 #ifdef INET

Prev by Date: [src/trunk]: src/lib/libssh Remove HAVE_LOGIN_CAP it is not used.
Next by Date: [src/trunk]: src/share/man/man9 Correct reference to uio_resid. PR 29355.
Previous by Thread: [src/trunk]: src/lib/libssh Remove HAVE_LOGIN_CAP it is not used.
Next by Thread: [src/trunk]: src/share/man/man9 Correct reference to uio_resid. PR 29355.
Indexes:

Home | Main Index | Thread Index | Old Index