Diffusion FreeBSD src repository cb43e97aea11

pf: add missing IPv6 length check
cb43e97aea11
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

pf: add missing IPv6 length check

We failed to verify that the packet was long enough for the provided IPv6 packet
length. This could result in us walking off the end of the mbuf and panicing.

PR: 288224
Reported by: Robert Morris <rtm@lcs.mit.edu>
Tested by: Robert Morris <rtm@lcs.mit.edu>
Reviewed by: emaste
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D51324

Details

Provenance

kp	Authored on Tue, Jul 15, 8:40 AM

Reviewer

Differential Revision

D51324: pf: add missing IPv6 length check

Parents

rGd00f66feaa17: pf: delay taking the rules lock in pf_test()

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rGcb43e97aea11: pf: add missing IPv6 length check (authored by kp).Wed, Jul 16, 11:33 AM

kp added an edge: D51324: pf: add missing IPv6 length check.Wed, Jul 16, 11:58 AM

Changes (2)

Path

Size

sys/

netpfil/

pf/

tests/

sys/

netpfil/

pf/

rGcb43e97aea11

sys/netpfil/pf/pf.c

Loading...

tests/sys/netpfil/pf/nat64.py

Loading...