From c34fe1b3cf88eb8acf1a10a07d780dbf157bdf0b Mon Sep 17 00:00:00 2001 From: bluhm Date: Wed, 20 Jan 2021 23:25:19 +0000 Subject: [PATCH] An invalid packet may not have set src and dst in packet descriptor. Add a NULL check to prevent crash in pflog(4) introduced in previous commit. Reported-by: syzbot+c6d2f2ad34b822bce98a@syzkaller.appspotmail.com --- sys/net/if_pflog.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/sys/net/if_pflog.c b/sys/net/if_pflog.c index 7b63991676e..a5bf67ac002 100644 --- a/sys/net/if_pflog.c +++ b/sys/net/if_pflog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.96 2021/01/20 13:40:15 bluhm Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.97 2021/01/20 23:25:19 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -232,12 +232,14 @@ pflog_packet(struct pf_pdesc *pd, u_int8_t reason, struct pf_rule *rm, hdr.dir = pd->dir; hdr.af = pd->af; - if (pd->af != pd->naf || - pf_addr_compare(pd->src, &pd->nsaddr, pd->naf) != 0 || - pf_addr_compare(pd->dst, &pd->ndaddr, pd->naf) != 0 || - pd->osport != pd->nsport || - pd->odport != pd->ndport) { - hdr.rewritten = 1; + if (pd->src != NULL && pd->dst != NULL) { + if (pd->af != pd->naf || + pf_addr_compare(pd->src, &pd->nsaddr, pd->naf) != 0 || + pf_addr_compare(pd->dst, &pd->ndaddr, pd->naf) != 0 || + pd->osport != pd->nsport || + pd->odport != pd->ndport) { + hdr.rewritten = 1; + } } hdr.naf = pd->naf; pf_addrcpy(&hdr.saddr, &pd->nsaddr, pd->naf); -- 2.20.1