[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: src

To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: CVS: cvs.openbsd.org: src
From: Brad Smith <brad_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
Date: Thu, 6 Jan 2005 07:11:57 -0700 (MST)

CVSROOT:	/cvs
Module name:	src
Changes by:	brad_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2005/01/06 07:11:56

Modified files:
	sys/net        : Tag: OPENBSD_3_6 pf.c 

Log message:
MFC:
Fix by dhartmei@

ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop
fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
Report and test data by Srebrenko Sehic.

ok deraadt@

Prev by Date: CVS: cvs.openbsd.org: src
Next by Date: CVS: cvs.openbsd.org: src
Previous by thread: CVS: cvs.openbsd.org: src
Next by thread: CVS: cvs.openbsd.org: src
Index(es):
- Date
- Thread

Visit your host, monkey.org