Date: Thu, 26 Mar 2026 01:14:57 +0000 From: Philip Paeps <philip@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin <grembo@FreeBSD.org> Subject: git: 4708ee4543c6 - releng/14.4 - pf: Fix hashing of IP address ranges Message-ID: <69c48891.18f94.2433ec52@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=4708ee4543c6e5fedcfe77d273a5d5de1b58779d commit 4708ee4543c6e5fedcfe77d273a5d5de1b58779d Author: Michael Gmelin <grembo@FreeBSD.org> AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2026-03-25 16:10:16 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. Approved by: so Security: FreeBSD-SA:26:09.pf Security: CVE-2026-4748 Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) (cherry picked from commit ac6bb58a715eaf0afb7a80dc87083f9819e10ac1) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 663612305f1f..1fff0667aa1a 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1264,6 +1264,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32);home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69c48891.18f94.2433ec52>