From: "Andrey V. Elsukov"
Date: Mon, 29 Jul 2013 13:17:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r253769 - head/sys/netpfil/pf

Author: ae
Date: Mon Jul 29 13:17:18 2013
New Revision: 253769
URL: http://svnweb.freebsd.org/changeset/base/253769

Log:
  Fix a possible NULL-pointer dereference on the pfsync(4) reconfiguration.

  Reported by: Eugene M. Zheganin

Modified:
  head/sys/netpfil/pf/if_pfsync.c

Modified: head/sys/netpfil/pf/if_pfsync.c ============================================================================== --- head/sys/netpfil/pf/if_pfsync.c Mon Jul 29 12:55:37 2013 (r253768) +++ head/sys/netpfil/pf/if_pfsync.c Mon Jul 29 13:17:18 2013 (r253769) @@ -1324,7 +1324,10 @@ pfsyncioctl(struct ifnet *ifp, u_long cm else if ((sifp = ifunit_ref(pfsyncr.pfsyncr_syncdev)) == NULL) return (EINVAL); - if (pfsyncr.pfsyncr_syncpeer.s_addr == 0 && sifp != NULL) + if (sifp != NULL && ( + pfsyncr.pfsyncr_syncpeer.s_addr == 0 || + pfsyncr.pfsyncr_syncpeer.s_addr == + htonl(INADDR_PFSYNC_GROUP))) mship = malloc((sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_PFSYNC, M_WAITOK | M_ZERO);
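
Review bot: the widened test in front of the `mship = malloc(...)` call in pfsyncioctl() is a hand-written copy of the condition under which mship is needed, and the code that consumes mship lies outside this hunk, so the two can drift apart again the same way they did before this fix (allocation keyed only on `s_addr == 0`, while an explicit `htonl(INADDR_PFSYNC_GROUP)` peer evidently took the same path without an allocation). Consider evaluating the "peer is unset or is the pfsync multicast group" test once into a local and using that local both here and at the point where mship is used, with a short comment saying that an explicitly configured group address is treated like an unset peer. The log message would also be more useful if it named the pointer (mship) and the triggering configuration (syncpeer set to the pfsync group address) instead of only "possible NULL-pointer dereference".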