Diffusion FreeBSD src repository - subversion rS357786

ng_nat: avoid panic if attached directly to ng_ether and got short packet
rS357786
Actions

Description

ng_nat: avoid panic if attached directly to ng_ether and got short packet

From the beginning, ng_nat safely assumed cleansed traffic
because of limited ways it could be attached to NETGRAPH:
ng_ipfw or ng_ppp only.

Now as it may be attached with ng_ether too, the assumption proven wrong.
Add needed check to the ng_nat. Thanks for markj for debugging this.

PR: 243096
Submitted by: Lutz Donnerhacke <lutz@donnerhacke.de>
Reported by: Robert James Hernandez <rob@sarcasticadmin.com>
Reviewed by: markj and others
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D23091

Details

Provenance

eugen

Authored on

Reviewer

markj

Differential Revision

D23091: netgraph/ng_nat: Prevent crash by malformated packets

Parents

rS357785: MFV r357783:

Branches

Unknown

Tags

Unknown

Event Timeline

eugen committed rS357786: ng_nat: avoid panic if attached directly to ng_ether and got short packet.Feb 12 2020, 12:31 AM

eugen added an edge: D23091: netgraph/ng_nat: Prevent crash by malformated packets.

Changes (1)

Path

Size

head/

sys/

netgraph/

ng_nat.c

rS357786

View Options

head/sys/netgraph/ng_nat.c