Date: Thu, 26 Mar 2026 01:11:21 +0000 From: Philip Paeps <philip@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin <grembo@FreeBSD.org> Subject: git: 797bc7cae35f - releng/15.0 - pf: Fix hashing of IP address ranges Message-ID: <69c487b9.471c7.43d0180b@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=797bc7cae35f7e6ec59baba04a951150604e0431 commit 797bc7cae35f7e6ec59baba04a951150604e0431 Author: Michael Gmelin <grembo@FreeBSD.org> AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2026-03-25 16:05:34 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) (cherry picked from commit 38f8ac568273fde3f41582c6bc01ea4b2c9dc029) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 856bbd6cb9cb..f924bde141ad 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1350,6 +1350,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69c487b9.471c7.43d0180b>