Date: Wed, 27 May 2026 13:42:10 +0000 From: Cy Schubert <cy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Teddy Engel <engel.teddy@gmail.com> Subject: git: fb0729bdc278 - stable/14 - ipfilter: Add NULL check for fin_dp in ICMP packet handlers Message-ID: <6a16f4b2.1d0bf.a70a7b2@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=fb0729bdc278d5402fc935998b5051d471c5380b commit fb0729bdc278d5402fc935998b5051d471c5380b Author: Teddy Engel <engel.teddy@gmail.com> AuthorDate: 2026-05-19 21:36:15 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2026-05-27 13:42:01 +0000 ipfilter: Add NULL check for fin_dp in ICMP packet handlers Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp() before dereferencing. When processing packets with IPv6 extension headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL due to extension header processing leaving insufficient data for the protocol header. PR: 288333 Pull Request: https://github.com/freebsd/freebsd-src/pull/2214 Signed-off-by: Teddy Engel <engel.teddy@gmail.com> (cherry picked from commit 68ed81631afa20c07883f7f60343f6da8397ee41) --- sys/netpfil/ipfilter/netinet/fil.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c index 2c9a0732da1c..7d2b21775be9 100644 --- a/sys/netpfil/ipfilter/netinet/fil.c +++ b/sys/netpfil/ipfilter/netinet/fil.c @@ -894,6 +894,8 @@ ipf_pr_icmp6(fr_info_t *fin) ip6_t *ip6; icmp6 = fin->fin_dp; + if (icmp6 == NULL) + return; fin->fin_data[0] = *(u_short *)icmp6; @@ -1202,6 +1204,8 @@ ipf_pr_icmp(fr_info_t *fin) } icmp = fin->fin_dp; + if (icmp == NULL) + return; fin->fin_data[0] = *(u_short *)icmp; fin->fin_data[1] = icmp->icmp_id;home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a16f4b2.1d0bf.a70a7b2>