Date: Sun, 30 Nov 2025 10:32:01 +0000 From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 260867] pf: divert-to packets infinitely loop when written back to divert socket Message-ID: <bug-260867-16861-bXoib2lCf1@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-260867-16861@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260867 --- Comment #14 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=81385f622037a5b78fd4f8046163367fa607d37a commit 81385f622037a5b78fd4f8046163367fa607d37a Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-11-15 13:44:54 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-11-29 20:02:00 +0000 pf: handle divert packets In a divert setup pf_test_state() may return PF_PASS, but not set the state pointer. We didn't handle that, and as a result crashed immediately afterwards trying to dereference that NULL state pointer. Add a test case to provoke the problem. PR: 260867 MFC after: 2 weeks Submitted by: Phil Budne <phil.budne@gmail.com> Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 66f2f1c83247f05a3a599d7e88c7e7efbedd16b5) sys/netpfil/pf/pf.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260867-16861-bXoib2lCf1>