git: da64fc8609d5 - main - pflog: ensure we can't read outside V_pflogifs

Kristof Provost Wed, 19 Feb 2025 02:43:11 -0800

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=da64fc8609d53e3b72529c32b76bf1c29bb48e23


commit da64fc8609d53e3b72529c32b76bf1c29bb48e23
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-02-14 08:07:02 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-02-19 10:41:10 +0000

    pflog: ensure we can't read outside V_pflogifs
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/if_pflog.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/netpfil/pf/if_pflog.c b/sys/netpfil/pf/if_pflog.c
index 7c9baaeaba76..016ff96b02b4 100644
--- a/sys/netpfil/pf/if_pflog.c
+++ b/sys/netpfil/pf/if_pflog.c
@@ -251,6 +251,9 @@ pflog_packet(uint8_t action, u_int8_t reason,
        if (rm == NULL || pd == NULL)
                return (1);
 
+       if (rm->logif > V_npflogifs)
+               return (0);
+
        ifn = V_pflogifs[rm->logif];
        if (ifn == NULL || !bpf_peers_present(ifn->if_bpf))
                return (0);

git: da64fc8609d5 - main - pflog: ensure we can't read outside V_pflogifs

Reply via email to