HomeFreeBSD
Diffusion FreeBSD src repository dcc05aee1495

pf: split ICMP/ICMPv6 number space in pf_icmp_mapping()
dcc05aee1495
Actions

Description

pf: split ICMP/ICMPv6 number space in pf_icmp_mapping()

In pf_icmp_mapping() the ICMP and ICMPv6 types shared the same
number space. In fact they are independent and must be handled
separately. Fix traceroute via pf by splitting pf_icmp_mapping()
into IPv4 and IPv6 sections.
ok henning@ mcbride@; tested mcbride@; sure deraadt@

Approved by: so
Security: FreeBSD-SA-24:05.pf
Security: CVE-2024-6640
MFC after: 1 day
Obtained From: OpenBSD, bluhm <bluhm@openbsd.org> ef4bccd7509e
Sponsored by: Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 46755f52247bd34a7f013d6844ed0c673ac0defc)

Details

Provenance
kpAuthored on Jul 10 2024, 12:10 PM
markjCommitted on Aug 7 2024, 1:37 PM
Parents
rGb778bbead38a: pf: some ICMP types that also have icmp_id, pointed out by markus@
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
netpfil/
pf/

rGdcc05aee1495

View Options

sys/netpfil/pf/pf.c

Loading...