Date: Wed, 20 May 2026 15:34:53 +0000 From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Cc: Teddy Engel <engel.teddy@gmail.com> Subject: git: 68ed81631afa - main - ipfilter: Add NULL check for fin_dp in ICMP packet handlers Message-ID: <6a0dd49d.46028.387f48d6@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=68ed81631afa20c07883f7f60343f6da8397ee41 commit 68ed81631afa20c07883f7f60343f6da8397ee41 Author: Teddy Engel <engel.teddy@gmail.com> AuthorDate: 2026-05-19 21:36:15 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2026-05-20 15:33:43 +0000 ipfilter: Add NULL check for fin_dp in ICMP packet handlers Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp() before dereferencing. When processing packets with IPv6 extension headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL due to extension header processing leaving insufficient data for the protocol header. PR: 288333 MFC after: 1 week Pull Request: https://github.com/freebsd/freebsd-src/pull/2214 Signed-off-by: Teddy Engel <engel.teddy@gmail.com> --- sys/netpfil/ipfilter/netinet/fil.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c index cabc6c350981..4174fdcc5f58 100644 --- a/sys/netpfil/ipfilter/netinet/fil.c +++ b/sys/netpfil/ipfilter/netinet/fil.c @@ -890,6 +890,8 @@ ipf_pr_icmp6(fr_info_t *fin) ip6_t *ip6; icmp6 = fin->fin_dp; + if (icmp6 == NULL) + return; fin->fin_data[0] = *(u_short *)icmp6; @@ -1198,6 +1200,8 @@ ipf_pr_icmp(fr_info_t *fin) } icmp = fin->fin_dp; + if (icmp == NULL) + return; fin->fin_data[0] = *(u_short *)icmp; fin->fin_data[1] = icmp->icmp_id;home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a0dd49d.46028.387f48d6>