Date: Tue, 15 Jul 2025 09:54:19 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 288224] pf_translate_af() can cause NULL deref if ip6_plen is too big
Message-ID: <bug-288224-227-NBHvPfCYLd@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-288224-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288224

Kristof Provost <kp@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |kp@freebsd.org
             Status|New                         |In Progress

--- Comment #1 from Kristof Provost <kp@freebsd.org> ---
Thanks for the report.

I believe it's going to affect more than just nat64. Essentially we were missing the 'is this mbuf long enough for this packet length?' check for IPv6.

Proposed fix and test case in https://reviews.freebsd.org/D51324

I did add the test to the nat64 tests, because that's where you found it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
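The kind of "is the buffer long enough for the declared packet length?" check the comment refers to, as an added user-space illustration; it is not the pf code and not the change in D51324. The names ip6_check_len and check_sample, the result codes, and the sample packet are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define IP6_HDR_LEN 40u  /* fixed IPv6 header size in bytes */

enum ip6_len_check {
    IP6_LEN_OK = 0,
    IP6_LEN_SHORT_HDR,   /* buffer cannot hold the fixed header */
    IP6_LEN_BAD_VERSION, /* version nibble is not 6 */
    IP6_LEN_JUMBO,       /* payload length 0: jumbo option must be parsed */
    IP6_LEN_TRUNCATED    /* header claims more bytes than the buffer holds */
};

/*
 * Hypothetical helper: compare the IPv6 payload length field with the
 * number of bytes actually available. On success *pkt_len is header plus
 * payload; any bytes beyond it are trailing padding to be trimmed.
 */
static enum ip6_len_check
ip6_check_len(const uint8_t *buf, size_t avail, size_t *pkt_len)
{
    if (avail < IP6_HDR_LEN)
        return IP6_LEN_SHORT_HDR;
    if ((buf[0] >> 4) != 6)
        return IP6_LEN_BAD_VERSION;

    /* Payload length lives in bytes 4-5, network byte order. */
    size_t plen = ((size_t)buf[4] << 8) | buf[5];
    if (plen == 0)
        return IP6_LEN_JUMBO;
    if (plen > avail - IP6_HDR_LEN)   /* cannot underflow: avail >= 40 */
        return IP6_LEN_TRUNCATED;

    *pkt_len = IP6_HDR_LEN + plen;
    return IP6_LEN_OK;
}

/* Constructed sample: zeroed 48-byte buffer; caller passes avail <= 48. */
static enum ip6_len_check
check_sample(uint16_t plen, size_t avail, size_t *pkt_len)
{
    uint8_t pkt[48] = { 0x60 };       /* version 6, everything else zero */
    pkt[4] = (uint8_t)(plen >> 8);
    pkt[5] = (uint8_t)(plen & 0xff);
    pkt[6] = 17;                      /* next header: UDP */
    return ip6_check_len(pkt, avail, pkt_len);
}
```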
