When copying a NAT rule struct to userland for save by ipfs, use the

length of the struct in memmove() rather than an unintialized variable. This fixes the first of two kernel page faults when ipfs is invoked. PR: 235110 Reported by: David.Boyd49@twc.com MFC after: 2 weeks
2019-01-30 20:22:33 +00:00 · 2019-01-30 20:22:33 +00:00 · b63abbf63a
commit b63abbf63a
parent 9c812c8d4e
1 changed files with 1 additions and 1 deletions
--- a/sys/contrib/ipfilter/netinet/ip_nat.c
+++ b/sys/contrib/ipfilter/netinet/ip_nat.c
@ -1866,7 +1866,7 @@ ipf_nat_getent(softc, data, getlock)
 	 */
 	if (nat->nat_ptr != NULL)
 		bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
-		      ipn->ipn_ipnat.in_size);
+		      sizeof(nat->nat_ptr));

 	/*
 	 * If we also know the NAT entry has an associated filter rule,