authorTeddy Engel <engel.teddy@gmail.com>2026-05-19 21:36:33 +0000
committerCy Schubert <cy@FreeBSD.org>2026-05-20 15:33:43 +0000
commitc028080749c09e68c555155df0e9f681ba63c6ae (patch)
tree03efa9d6a7b6c0f3a94081fae8eaa6cf169ad28d /sys
parentcdc40489a7a617b742e295cf9005b3569b45e823 (diff)
Diffstat (limited to 'sys')
-rw-r--r--sys/netpfil/ipfilter/netinet/ip_state.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/netpfil/ipfilter/netinet/ip_state.c b/sys/netpfil/ipfilter/netinet/ip_state.c
index c8d6e4e0feb3..d5a04e326321 100644
--- a/sys/netpfil/ipfilter/netinet/ip_state.c
+++ b/sys/netpfil/ipfilter/netinet/ip_state.c
@@ -4364,9 +4364,13 @@ ipf_checkicmp6matchingstate(fr_info_t *fin)
}
ic6 = fin->fin_dp;
+ if (ic6 == NULL) {
+ SBUMPD(ipf_state_stats, iss_icmp6_miss);
+ return (NULL);
+ }
oip6 = (ip6_t *)((char *)ic6 + ICMPERR_ICMPHLEN);
- if (fin->fin_plen < sizeof(*oip6)) {
+ if (fin->fin_dlen < ICMPERR_ICMPHLEN + sizeof(*oip6)) {
SBUMPD(ipf_state_stats, iss_icmp_short);
return (NULL);
}
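Review bot: The new bound `fin->fin_dlen < ICMPERR_ICMPHLEN + sizeof(*oip6)` compares `fin_dlen` against a `size_t` expression, so if `fin_dlen` is a signed `int` (its declaration is not visible in this hunk) a negative value converts to a large unsigned number and passes the check. Rejecting that case explicitly keeps the guard meaningful: `if (fin->fin_dlen < 0 || (size_t)fin->fin_dlen < ICMPERR_ICMPHLEN + sizeof(*oip6)) {`. A short comment above the `ic6 == NULL` test saying when `fin_dp` can be unset would also help, since that path is counted as `iss_icmp6_miss` rather than as a short or bad packet. The body of ipf_checkicmp6matchingstate starts and ends outside the hunk, so an earlier check may already exclude a negative length.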
@@ -4408,6 +4412,10 @@ ipf_checkicmp6matchingstate(fr_info_t *fin)
if (oip6->ip6_nxt == IPPROTO_ICMPV6) {
oic = ofin.fin_dp;
+ if (oic == NULL) {
+ SBUMPD(ipf_state_stats, iss_icmp6_miss);
+ return (NULL);
+ }
/*
* an ICMP error can only be generated as a result of an
* ICMP query, not as the response on an ICMP error