From nobody Wed May 27 13:42:10 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gQW4z22yzz6f3mc for ; Wed, 27 May 2026 13:42:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gQW4y281qz4KQ9 for ; Wed, 27 May 2026 13:42:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779889330; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+7YTNfIjT+ifzR4wDfmXq3VLKnEk4N5Rp6H0JtuGX6A=; b=sLiN1ViyTnOwTo3atYlbhNR6uaM3Tvc7/V7KpzXA1CFYJ1g4Yy6TOFy6jPnVQFrsGKUTQ4 qn28nEahfMoLt+6a/Kpgk0+mbIkDV+1KJ+iVUZAtko8zHTdO2uVfsHgS/nUhC4XcZ9N2Ji sOsdzyqkL3pcPptgWAaxYnMH61nwb1/t52E5cm2Gd0XJX1i0tjqtNhJVX+pzgCSNtyB6zB q1cxYg9uDfOzZ2qmEaKqLePacoZKidFOnvlKsz518po4d5kDEhG/bkoM127QEfxQ+4jeC+ C6LQzus3jo7a4eENoL6LC/qS1qTY/n+QCRBcVm1iFzD4iRxDR4FgjbbfMAUtAw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779889330; a=rsa-sha256; cv=none; b=FpIrZQcNpGz8E1biXShaWQN/nDZZqoxyMZEIKwE+zO8zIpufTOMduMUx5B76axvO6o+S2W gtlI+/ccJwZwao0FjLpMo81dwJE7SutMB+y5sfXDtwXTYA5+Sl9t0IBUvoerq1VXDuLkHw 1hLZ6Ucx7vMpgGYI5I/2nowpgKb/vALP0wutlhgyPQO//v1PIVC4SugmxWjec42gpBf0aw 0jx/qstZ8Huz+e39dF0RV1Wrv0OMc/oQS/z0/9FmMZFDkZgxWKzl8e/vCluo0P0jtp1Z+r uwDDW+x+NUGxALfRqHsLpHyPdVrV1DLbNiIhYmcZso5bm+P9n+B+wyQq/5RRyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1779889330; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+7YTNfIjT+ifzR4wDfmXq3VLKnEk4N5Rp6H0JtuGX6A=; b=IpBT0vtoHg06CtWzWXocPQH5lOV/lGIRnNiLATFFnf4EjhKCKgChkVMw02m2az1Q6YAgNh Nza8rqlC+7AFqqXx2E7fY85XCkfkB91SnTTOvYV1U3y8Da78dv+WeeGtnQ7edxWOJ+PtUk nEw/vXDNVyitS22Pivo6owDxJrWglKTto+ZfvhyExVXe7YJLxVmJshq7SZFKebg6p+HS4Q hH4dzwagd35N8M6VRLZF1DYd3n8c3/iUJq8u51wfNOe07kpdoGOBm/4jeSm3M8Euzx/oSw Z72I0GgiDOaLKyBwNqlGNcYYP7dHfcn/mIuQEXrKwsPpWYmvkUsVcEu7CNFZ5g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gQW4y1Zpnz125w for ; Wed, 27 May 2026 13:42:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1d0bf by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 27 May 2026 13:42:10 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Teddy Engel From: Cy Schubert Subject: git: fb0729bdc278 - stable/14 - ipfilter: Add NULL check for fin_dp in ICMP packet handlers List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: fb0729bdc278d5402fc935998b5051d471c5380b Auto-Submitted: auto-generated Date: Wed, 27 May 2026 13:42:10 +0000 Message-Id: <6a16f4b2.1d0bf.a70a7b2@gitrepo.freebsd.org> The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=fb0729bdc278d5402fc935998b5051d471c5380b commit fb0729bdc278d5402fc935998b5051d471c5380b Author: Teddy Engel AuthorDate: 2026-05-19 21:36:15 +0000 Commit: Cy Schubert CommitDate: 2026-05-27 13:42:01 +0000 ipfilter: Add NULL check for fin_dp in ICMP packet handlers Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp() before dereferencing. When processing packets with IPv6 extension headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL due to extension header processing leaving insufficient data for the protocol header. PR: 288333 Pull Request: https://github.com/freebsd/freebsd-src/pull/2214 Signed-off-by: Teddy Engel (cherry picked from commit 68ed81631afa20c07883f7f60343f6da8397ee41) --- sys/netpfil/ipfilter/netinet/fil.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/ipfilter/netinet/fil.c b/sys/netpfil/ipfilter/netinet/fil.c index 2c9a0732da1c..7d2b21775be9 100644 --- a/sys/netpfil/ipfilter/netinet/fil.c +++ b/sys/netpfil/ipfilter/netinet/fil.c @@ -894,6 +894,8 @@ ipf_pr_icmp6(fr_info_t *fin) ip6_t *ip6; icmp6 = fin->fin_dp; + if (icmp6 == NULL) + return; fin->fin_data[0] = *(u_short *)icmp6; @@ -1202,6 +1204,8 @@ ipf_pr_icmp(fr_info_t *fin) } icmp = fin->fin_dp; + if (icmp == NULL) + return; fin->fin_data[0] = *(u_short *)icmp; fin->fin_data[1] = icmp->icmp_id;