From ed315ac6df13944ad85d2eb5a348d54ee187284d Mon Sep 17 00:00:00 2001 From: martijn Date: Sun, 30 Jan 2022 13:26:14 +0000 Subject: [PATCH] When walking a pf table, we only are supposed to return IPv4 addresses. If a table has mixed IPv4 and IPv6 addresses and we walk over it an IPv6 address could be returned if it followed an IPv4 address, causing an error. Found by florian@ OK florian@ millert@ --- usr.sbin/snmpd/pf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr.sbin/snmpd/pf.c b/usr.sbin/snmpd/pf.c index ca610da0832..41e54e73d46 100644 --- a/usr.sbin/snmpd/pf.c +++ b/usr.sbin/snmpd/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.11 2019/06/28 13:32:51 deraadt Exp $ */ +/* $OpenBSD: pf.c,v 1.12 2022/01/30 13:26:14 martijn Exp $ */ /* * Copyright (c) 2012 Joel Knight @@ -422,10 +422,10 @@ pfta_get_nextaddr(struct pfr_astats *ras, int *tblidx) goto fail; PFRB_FOREACH(as, &ba) { - if (found) - goto found; if (as->pfras_a.pfra_af != AF_INET) continue; + if (found) + goto found; if ((memcmp(&as->pfras_a.pfra_ip4addr, &ras->pfras_a.pfra_ip4addr, sizeof(as->pfras_a.pfra_ip4addr)) == 0) -- 2.20.1