Improt pf.c 1.636 from OpenBSD

Original log: Make sure pd2 has a pointer to the icmp header in the payload; fixes panic seen with some some icmp types in icmp error message payloads. Obtained from: OpenBSD
author: bapt <bapt@FreeBSD.org> 2013-10-27 20:52:09 +0000
committer: bapt <bapt@FreeBSD.org> 2013-10-27 20:52:09 +0000
commit: 1ff3794c183e56f627de2ac5b7ab3f0469e0e9b7 (patch)
tree: 3050edc54aea18ce08f377c6e3c73d7ed546b3e9 /sys/netpfil
parent: b0336915374481b7f02260fe98c40aaa787d03fe (diff)
download: FreeBSD-src-1ff3794c183e56f627de2ac5b7ab3f0469e0e9b7.zip
FreeBSD-src-1ff3794c183e56f627de2ac5b7ab3f0469e0e9b7.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 9a23606..4770e0b 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -4994,7 +4994,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				return (PF_DROP);
 			}
 
-			icmpid = iih.icmp_id;
+			pd2.hdr.icmp = &iih;
 			pf_icmp_mapping(&pd2, iih.icmp_type,
 			    &icmp_dir, &multi, &virtual_id, &virtual_type);
 
@@ -5049,6 +5049,7 @@ pf_test_state_icmp(struct pf_state **state, int direction, struct pfi_kif *kif,
 				return (PF_DROP);
 			}
 
+			pd2.hdr.icmp6 = &iih;
 			pf_icmp_mapping(&pd2, iih.icmp6_type,
 			    &icmp_dir, &multi, &virtual_id, &virtual_type);
 			ret = pf_icmp_state_lookup(&key, &pd2, state, m,
author	bapt <bapt@FreeBSD.org>	2013-10-27 20:52:09 +0000
committer	bapt <bapt@FreeBSD.org>	2013-10-27 20:52:09 +0000
commit	1ff3794c183e56f627de2ac5b7ab3f0469e0e9b7 (patch)
tree	3050edc54aea18ce08f377c6e3c73d7ed546b3e9 /sys/netpfil
parent	b0336915374481b7f02260fe98c40aaa787d03fe (diff)
download	FreeBSD-src-1ff3794c183e56f627de2ac5b7ab3f0469e0e9b7.zip FreeBSD-src-1ff3794c183e56f627de2ac5b7ab3f0469e0e9b7.tar.gz