Fix a possible NULL-pointer dereference on the pfsync(4) reconfiguration.

Reported by: Eugene M. Zheganin
author: ae <ae@FreeBSD.org> 2013-07-29 13:17:18 +0000
committer: ae <ae@FreeBSD.org> 2013-07-29 13:17:18 +0000
commit: 2b407e5f3f7745ff2f77f693dfee98eeab2a8fc9 (patch)
tree: 5cdf5265d1718a1b27d3cb9d1d193986dd1ac994 /sys/netpfil
parent: ff03e9940ff040d785c026b7cf7f73a0ffd9f23a (diff)
download: FreeBSD-src-2b407e5f3f7745ff2f77f693dfee98eeab2a8fc9.zip
FreeBSD-src-2b407e5f3f7745ff2f77f693dfee98eeab2a8fc9.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index 5c44757..982f856 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1324,7 +1324,10 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 		else if ((sifp = ifunit_ref(pfsyncr.pfsyncr_syncdev)) == NULL)
 			return (EINVAL);
 
-		if (pfsyncr.pfsyncr_syncpeer.s_addr == 0 && sifp != NULL)
+		if (sifp != NULL && (
+		    pfsyncr.pfsyncr_syncpeer.s_addr == 0 ||
+		    pfsyncr.pfsyncr_syncpeer.s_addr ==
+		    htonl(INADDR_PFSYNC_GROUP)))
 			mship = malloc((sizeof(struct in_multi *) *
 			    IP_MIN_MEMBERSHIPS), M_PFSYNC, M_WAITOK | M_ZERO);
author	ae <ae@FreeBSD.org>	2013-07-29 13:17:18 +0000
committer	ae <ae@FreeBSD.org>	2013-07-29 13:17:18 +0000
commit	2b407e5f3f7745ff2f77f693dfee98eeab2a8fc9 (patch)
tree	5cdf5265d1718a1b27d3cb9d1d193986dd1ac994 /sys/netpfil
parent	ff03e9940ff040d785c026b7cf7f73a0ffd9f23a (diff)
download	FreeBSD-src-2b407e5f3f7745ff2f77f693dfee98eeab2a8fc9.zip FreeBSD-src-2b407e5f3f7745ff2f77f693dfee98eeab2a8fc9.tar.gz