Date: Wed, 16 Jul 2025 12:47:26 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: d7e62fc3d719 - stable/14 - pf: ignore state update with invalid rtableid Message-ID: <202507161247.56GClQgo042092@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d7e62fc3d719469297681919b7bf0ed010b05344 commit d7e62fc3d719469297681919b7bf0ed010b05344 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-07-08 11:21:20 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-07-16 08:06:10 +0000 pf: ignore state update with invalid rtableid It's possible for a peer to send us a state update with an rtableid we don't support (i.e. >= net.fibs). Drop these updates rather than potentially crashing later by setting an invalid fib number. PR: 287981 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 4af4fefedd1bf14b5a27387075edde98744b722e) --- sys/netpfil/pf/if_pfsync.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 64c938ee52ee..8c080b472653 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -699,6 +699,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) __func__, msg_version); } + if (! (st->act.rtableid == -1 || + (st->act.rtableid >= 0 && st->act.rtableid < rt_numfibs))) + goto cleanup; + st->id = sp->pfs_1301.id; st->creatorid = sp->pfs_1301.creatorid; pf_state_peer_ntoh(&sp->pfs_1301.src, &st->src);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202507161247.56GClQgo042092>