freebsd-skq/sys/netpfil/pf
kp 629163522d pf: Ensure that IP addresses match in ICMP error packets
States in pf(4) let ICMP and ICMP6 packets pass if they have a
packet in their payload that matches an existing connection.  It was
not checked whether the outer ICMP packet has the same destination
IP as the source IP of the inner protocol packet.  Enforce that
these addresses match, to prevent ICMP packets that do not make
sense.

Reported by:	Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken, Luca Moro at Synacktiv
Obtained from:	OpenBSD
Security:	CVE-2019-5598
2019-03-21 08:09:52 +00:00
if_pflog.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
if_pfsync.c pf: Rename pfsync bucket lock 2019-03-16 10:14:03 +00:00
in4_cksum.c SPDX: license IDs for some ISC-related files. 2017-12-08 15:57:29 +00:00
pf_altq.h Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of 2018-08-22 19:38:48 +00:00
pf_if.c Mechanical cleanup of epoch(9) usage in network stack. 2019-01-09 01:11:19 +00:00
pf_ioctl.c pf: Fix DIOCGETSRCNODES 2019-03-08 09:33:16 +00:00
pf_lb.c pf: Fix endless loop on NAT exhaustion with sticky-address 2018-12-12 20:15:06 +00:00
pf_mtag.h sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_norm.c pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or cause a panic 2019-03-01 07:37:45 +00:00
pf_osfp.c Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
pf_ruleset.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
pf_table.c pf: Use counter(9) in pf tables. 2019-03-15 11:08:44 +00:00
pf.c pf: Ensure that IP addresses match in ICMP error packets 2019-03-21 08:09:52 +00:00
pf.h netpfil: Introduce PFIL_FWD flag 2018-03-23 16:56:44 +00:00