Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Aug 2024 13:44:44 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 3151802d0316 - releng/14.0 - pf: some ICMP types that also have icmp_id, pointed out by markus@
Message-ID:  <202408071344.477DiiZL034221@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch releng/14.0 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=3151802d03162e8d287eaaaa41e1d187f5acbc67

commit 3151802d03162e8d287eaaaa41e1d187f5acbc67
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-07-10 11:32:03 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-08-07 13:31:30 +0000

    pf: some ICMP types that also have icmp_id, pointed out by markus@
    
    ok henning markus
    
    Approved by:    so
    Security:       FreeBSD-SA-24:05.pf
    Security:       CVE-2024-6640
    MFC after:      1 day
    Obtained From:  OpenBSD, mcbride <mcbride@openbsd.org> 8c0632cd274b
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    
    (cherry picked from commit e296b0de9e467b8c5eb853f6cf4c6ea28d4119a2)
    (cherry picked from commit c5081b8d3918564c1aba5a5e3f0a5219568e3435)
---
 sys/netpfil/pf/pf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 0491cd7369f5..71611acde2c7 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1727,21 +1727,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
 		*icmp_dir = PF_IN;
 	case ICMP_TSTAMPREPLY:
 		*icmptype = ICMP_TSTAMP;
-		*icmpid = 0; /* Time is not a secret. */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_IREQ:
 		*icmp_dir = PF_IN;
 	case ICMP_IREQREPLY:
 		*icmptype = ICMP_IREQ;
-		*icmpid = 0; /* Nothing sane to match on! */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_MASKREQ:
 		*icmp_dir = PF_IN;
 	case ICMP_MASKREPLY:
 		*icmptype = ICMP_MASKREQ;
-		*icmpid = 0; /* Nothing sane to match on! */
+		*icmpid = pd->hdr.icmp.icmp_id;
 		break;
 
 	case ICMP_IPV6_WHEREAREYOU:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202408071344.477DiiZL034221>