The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=646b453110aa78abef24f507e7ef4562a7109897

commit 646b453110aa78abef24f507e7ef4562a7109897
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-04-10 11:49:03 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-04-10 13:36:41 +0000

    pf: fix pf_ioctl_add_addr() validation
    
    Ensure we can only pass AF_UNSPEC, AF_INET or AF_INET6 (and only when
    supported in our kernel config).
    
    Reported-by:    syzbot+8a9ee157bfed9e6b9...@syzkaller.appspotmail.com
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_ioctl.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 3ee5173c1313..44da2e156ce2 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -2571,14 +2571,20 @@ pf_ioctl_add_addr(struct pf_nl_pooladdr *pp)
            pp->which != PF_RT)
                return (EINVAL);
 
-#ifndef INET
-       if (pp->af == AF_INET)
-               return (EAFNOSUPPORT);
+       switch (pp->af) {
+#ifdef INET
+       case AF_INET:
+               /* FALLTHROUGH */
 #endif /* INET */
-#ifndef INET6
-       if (pp->af == AF_INET6)
-               return (EAFNOSUPPORT);
+#ifdef INET6
+       case AF_INET6:
+               /* FALLTHROUGH */
 #endif /* INET6 */
+       case AF_UNSPEC:
+               break;
+       default:
+               return (EAFNOSUPPORT);
+       }
 
        if (pp->addr.addr.type != PF_ADDR_ADDRMASK &&
            pp->addr.addr.type != PF_ADDR_DYNIFTL &&
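Review bot: The new `switch (pp->af)` still accepts `AF_UNSPEC` without saying why, so any later code that dispatches on `pp->af` must cope with a zero family; that code is outside the hunk, so it may already be handled. Since `pp` presumably comes from userspace (the report is from syzbot), a comment above the switch would record the intent, e.g. `/* af is caller-supplied: allow only compiled-in families, plus AF_UNSPEC */`, ideally also naming which address types legitimately use AF_UNSPEC. The diffstat shows only pf_ioctl.c changing, so a regression test that passes an out-of-range af and expects EAFNOSUPPORT would be worth adding. pf_ioctl_add_addr() starts and ends outside the hunk.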
