d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the bug introduced in r342908, that causes problems with dynamic

Browse Source 
handling for protocols without ports numbers.

Since port numbers were uninitialized for protocols like ICMP/ICMPv6,
ipfw_chk() used some non-zero values to create dynamic states, and due
this it failed to match replies with created states.

Reported by:	Oliver Hartmann, Boris Lytochkin
Obtained from:	Yandex LLC
X-MFC after:	r342908
This commit is contained in:
Andrey V. Elsukov 2019-01-29 11:18:41 +00:00
parent 524553f56d
commit 7664b71b62
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/netpfil/ipfw/ip_fw2.c
View File

@ -1410,6 +1410,7 @@ ipfw_chk(struct ip_fw_args *args)
dst_ip.s_addr = 0; /* make sure it is initialized */ dst_ip.s_addr = 0; /* make sure it is initialized */
src_ip.s_addr = 0; /* make sure it is initialized */ src_ip.s_addr = 0; /* make sure it is initialized */
src_port = dst_port = 0;
pktlen = m->m_pkthdr.len; pktlen = m->m_pkthdr.len;
DYN_INFO_INIT(&dyn_info); DYN_INFO_INIT(&dyn_info);
@ -1688,7 +1689,6 @@ do { \
args->f_id.dst_ip = ntohl(dst_ip.s_addr); args->f_id.dst_ip = ntohl(dst_ip.s_addr);
} else { } else {
proto = 0; proto = 0;
src_port = dst_port = 0;
dst_ip.s_addr = src_ip.s_addr = 0; dst_ip.s_addr = src_ip.s_addr = 0;
args->f_id.addr_type = 1; /* XXX */ args->f_id.addr_type = 1; /* XXX */