From nobody Wed May 27 13:41:43 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gQW4R6rCVz6f3s7 for ; Wed, 27 May 2026 13:41:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gQW4R50w1z4Jlw for ; Wed, 27 May 2026 13:41:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779889303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WQw3mMCM0Xnv1Cy0xmlFiD0XnKAz+1A1evRA72g692s=; b=ixfNjFFk12L2iHirU4AZLZ1cLyXDMLSQpwbeT1gKTBI3V02svW9p2sNOGfrh2MB9xUXMWy HUMLpQt7cNIkVPzTuN4NUp4LnTIiqgHfMvI3owvXI9I7uKAmCwarKFDScBQ/sddjO0/jL+ EomLrEIaOvmQW9nC9hm4J0sAbKyxDluyhA5qNB6kQ0Yoj2rFmGPI3pxdRRa9e2RDUDR2eD 7gs13mMITjQKVT/lJ7bWXHH4N8VA2GOhrYgUJaWP5GLkmbieqz5HGiJQYfjdBuWSYV/LoD 4vu4pPPMUwB5ZvZvoyiPm9/ACSbjWhT9ZvOVrsyBKcvdRHeE/TV99UONKeJkSQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779889303; a=rsa-sha256; cv=none; b=kCZ4crb/DJfGDkJKiJss5l6Xqj0qKH1R6h5lI2ajDQDc2GnakrzvNuiFw3SUw7n+yogHEk kvvjrtUdktDuRmTt38aVsF1z5w/jB7Si0rwcFUqKc9jWnV0OVgYQYzKSo905mI0FdIPzF8 3jZfd6nwTx5EgKxE2r6JSy0P+QO/chVIScZdgZARuDvdCMYd0ag/0IVIrlFIp5J6w7wkBT MHIEzSbaOFZ/Arz6Jc9XRay8TfzrfnOvEtis0aOdD1YNifyJ2hc9EKIIoXFDGnaRYDt87n l5wMtVaxCqnxME6CrdyRTxnxsYoRWey2S+N5o4otxntmvHoHMxNBYqKn97tKsA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779889303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WQw3mMCM0Xnv1Cy0xmlFiD0XnKAz+1A1evRA72g692s=; b=wtY8nPQ/Nvpw+rGMuFYY6dEYVf8xPNieJxqe8OJPYhLJA9cu2KtMO9c9doqyZVbgXP4Pyk Hc719LgVeWX8bI2bcvjcg8kQif3GSEZha3jj3D4bEKr/mkd5/sx9kNG8BEJf75ywqEt1T1 HRcYJilben+JNG3NwGlFzjddNGT9DIVDe2W47trqchxFjtt5M8Ezo78vyQf5upe+xy0Kpi VQ7n82zWKzwaLwvzwpfUxAUMCxlGIiLJlYTeqCcpQ0hEpeByOhwhprsQ1DbrXXokIS8i6t 2CU3oLUWjPHJG7QYV6Vq86UTsfgPNA/vtQYhmSO9H/tqtnTQj1eZW3p5pqPQgA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gQW4R4cZ3z125c for ; Wed, 27 May 2026 13:41:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1c535 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 27 May 2026 13:41:43 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Teddy Engel From: Cy Schubert Subject: git: b2076f39a117 - stable/15 - ipfilter: Add NULL check for fin_dp in ICMP packet handlers List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: b2076f39a11723506f202f980fda281af3448bf4 Auto-Submitted: auto-generated Date: Wed, 27 May 2026 13:41:43 +0000 Message-Id: <6a16f497.1c535.72b4fc66@gitrepo.freebsd.org> The branch stable/15 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=b2076f39a11723506f202f980fda281af3448bf4 commit b2076f39a11723506f202f980fda281af3448bf4 Author: Teddy Engel AuthorDate: 2026-05-19 21:36:15 +0000 Commit: Cy Schubert CommitDate: 2026-05-27 13:41:25 +0000 ipfilter: Add NULL check for fin_dp in ICMP packet handlers Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp() before dereferencing. When processing packets with IPv6 extension headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL due to extension header processing leaving insufficient data for the protocol header. PR: 288333 Pull Request: https://github.com/freebsd/freebsd-src/pull/2214 Signed-off-by: Teddy Engel (cherry picked from commit 68ed81631afa20c07883f7f60343f6da8397ee41) --- sys/netpfil/ipfilter/netinet/fil.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c index 8acf37c4c81f..cc723eba4ffc 100644 --- a/sys/netpfil/ipfilter/netinet/fil.c +++ b/sys/netpfil/ipfilter/netinet/fil.c @@ -890,6 +890,8 @@ ipf_pr_icmp6(fr_info_t *fin) ip6_t *ip6; icmp6 = fin->fin_dp; + if (icmp6 == NULL) + return; fin->fin_data[0] = *(u_short *)icmp6; @@ -1198,6 +1200,8 @@ ipf_pr_icmp(fr_info_t *fin) } icmp = fin->fin_dp; + if (icmp == NULL) + return; fin->fin_data[0] = *(u_short *)icmp; fin->fin_data[1] = icmp->icmp_id;