Diffusion FreeBSD src repository a1ecbc570117

pf: fix use-after-free
a1ecbc570117
Actions

Edit Commit
Download Raw Diff
Edit Related Objects...
Edit Revisions
Mute Notifications
Flag For Later
Award Token

Description

pf: fix use-after-free

If we fragment the packet in pf_route() the first transmitted packet
will free the pf_mtag we have stored in pf_pdesc (pd). Ensure we
update that pointer for every packet to avoid using a freed pointer in
pf_dummynet_route().

Reported by: CI KASAN, markj
MFC after: 1 week

Details

Provenance

kp	Authored on Mar 23 2024, 4:02 PM

Parents

rG75d15e893b14: netpfil tests: disable ICMPv6 rate limiting in the test jail

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rGa1ecbc570117: pf: fix use-after-free (authored by kp).Mar 25 2024, 4:44 AM

kp mentioned this in rG2fed983ceb66: pf: fix use-after-free.Apr 1 2024, 7:35 AM

Changes (1)

Path

Size

sys/

netpfil/

pf/

pf.c

rGa1ecbc570117

View Options