HomeFreeBSD
Diffusion FreeBSD src repository 6979b4db10b8

pf: split ICMP/ICMPv6 number space in pf_icmp_mapping()
6979b4db10b8
Actions

Description

pf: split ICMP/ICMPv6 number space in pf_icmp_mapping()

In pf_icmp_mapping() the ICMP and ICMPv6 types shared the same
number space. In fact they are independent and must be handled
separately. Fix traceroute via pf by splitting pf_icmp_mapping()
into IPv4 and IPv6 sections.
ok henning@ mcbride@; tested mcbride@; sure deraadt@

Approved by: so
Security: FreeBSD-SA-24:05.pf
Security: CVE-2024-6640
MFC after: 1 day
Obtained From: OpenBSD, bluhm <bluhm@openbsd.org> ef4bccd7509e
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 46755f52247bd34a7f013d6844ed0c673ac0defc)
(cherry picked from commit 7f77305a5ba421f901cf3ac59a6449a70645fda4)

Details

Provenance
kpAuthored on Jul 10 2024, 12:10 PM
markjCommitted on Aug 7 2024, 1:32 PM
Parents
rGc95f99c0abb3: pf: some ICMP types that also have icmp_id, pointed out by markus@
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
netpfil/
pf/

rG6979b4db10b8

View Options

sys/netpfil/pf/pf.c

Loading...