From 9c892dcd4c343f6e6988e0c2740db24720b8077a Mon Sep 17 00:00:00 2001 From: ae Date: Mon, 11 Mar 2019 10:33:32 +0000 Subject: [PATCH] Add NULL pointer check to nat64_output(). It is possible, that a processed packet was originated by local host, in this case m->m_pkthdr.rcvif is NULL. Check and set it to V_loif to avoid NULL pointer dereference in IP input code, since it is expected that packet has valid receiving interface when netisr processes it. Obtained from: Yandex LLC MFC after: 1 week Sponsored by: Yandex LLC --- sys/netpfil/ipfw/nat64/nat64_translate.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/ipfw/nat64/nat64_translate.c b/sys/netpfil/ipfw/nat64/nat64_translate.c index 4c2301e70e35..db26d7d3f87b 100644 --- a/sys/netpfil/ipfw/nat64/nat64_translate.c +++ b/sys/netpfil/ipfw/nat64/nat64_translate.c @@ -219,6 +219,8 @@ nat64_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, } if (logdata != NULL) nat64_log(logdata, m, af); + if (m->m_pkthdr.rcvif == NULL) + m->m_pkthdr.rcvif = V_loif; ret = netisr_queue(ret, m); if (ret != 0) NAT64STAT_INC(stats, oerrors);
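Review bot: The new `if (m->m_pkthdr.rcvif == NULL)` check in nat64_output() has no comment, so the reason for substituting `V_loif` is recorded only in the commit message. A short comment above it, saying that locally originated packets arrive here with no receiving interface and that the netisr IP input path expects a valid one, would keep the next reader from treating the assignment as dead code. The fix-up also sits after `nat64_log(logdata, m, af);`, so the logging call still sees `rcvif == NULL` for those packets. If the logging path ever reads the receiving interface, the check belongs before the `if (logdata != NULL)` line. If the ordering is deliberate, so that the log shows the packet as it arrived, that is worth stating in the same comment. Once `rcvif` is rewritten, code after `netisr_queue(ret, m)` cannot tell a locally originated translated packet from one that was received on the loopback interface, which matters for any rule that matches on the receiving interface.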