2726bbe221
prevents a possible endless loop in pf_get_sport() with 'static-port' ICMP state entries use the ICMP ID as port for the unique state key. When checking for a usable key, construct the key in the same way. Otherwise, a colliding key might be missed or a state insertion might be refused even though it could be inserted. The second case triggers the endless loop, possibly allowing a NATed LAN client to lock up the kernel. PR: kern/74930 Reported and tested by: Hugo Silva, Srebrenko Sehic MFC after: 3 days |
||
---|---|---|
.. | ||
if_pflog.c | ||
if_pflog.h | ||
if_pfsync.c | ||
if_pfsync.h | ||
pf_if.c | ||
pf_ioctl.c | ||
pf_norm.c | ||
pf_osfp.c | ||
pf_subr.c | ||
pf_table.c | ||
pf.c | ||
pfvar.h |