upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: some ICMP types that also have icmp_id, pointed out by markus@

Browse source 
ok henning markus

Approved by:	so
Security:	FreeBSD-SA-24:05.pf
Security:	CVE-2024-6640
MFC after:	1 day
Obtained From:	OpenBSD, mcbride <mcbride@openbsd.org> 8c0632cd274b
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit e296b0de9e)
(cherry picked from commit c5081b8d39)
This commit is contained in:
Kristof Provost 2024-07-10 13:32:03 +02:00 committed by Franco Fichtner
parent 9ceb7fda9d
commit f924c2e1ff
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/netpfil/pf/pf.c
View file

@ -1789,21 +1789,21 @@ pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
*icmp_dir = PF_IN;
case ICMP_TSTAMPREPLY:
*icmptype = ICMP_TSTAMP;
*icmpid = 0; /* Time is not a secret. */
*icmpid = pd->hdr.icmp.icmp_id;
break;
case ICMP_IREQ:
*icmp_dir = PF_IN;
case ICMP_IREQREPLY:
*icmptype = ICMP_IREQ;
*icmpid = 0; /* Nothing sane to match on! */
*icmpid = pd->hdr.icmp.icmp_id;
break;
case ICMP_MASKREQ:
*icmp_dir = PF_IN;
case ICMP_MASKREPLY:
*icmptype = ICMP_MASKREQ;
*icmpid = 0; /* Nothing sane to match on! */
*icmpid = pd->hdr.icmp.icmp_id;
break;
case ICMP_IPV6_WHEREAREYOU: