git: 7b0b4fca080e - main - pfctl: getifaddrs() can return entries where ifa_addr is NULL

Kristof Provost Tue, 15 Jul 2025 03:08:58 -0700

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=7b0b4fca080e818e5cf2559453345b6057d33064


commit 7b0b4fca080e818e5cf2559453345b6057d33064
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-07-08 09:48:52 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-07-15 07:55:30 +0000

    pfctl: getifaddrs() can return entries where ifa_addr is NULL
    
    Check for this before accessing anything in ifa_addr.
    ok claudio@
    
    Obtained from:  OpenBSD, benno <be...@openbsd.org>, ff7f497850
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sbin/pfctl/pfctl_parser.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index bd2c10c8080f..cc2b03ec211f 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1483,7 +1483,8 @@ ifa_load(void)
                err(1, "getifaddrs");
 
        for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
-               if (!(ifa->ifa_addr->sa_family == AF_INET ||
+               if (ifa->ifa_addr == NULL ||
+                   !(ifa->ifa_addr->sa_family == AF_INET ||
                    ifa->ifa_addr->sa_family == AF_INET6 ||
                    ifa->ifa_addr->sa_family == AF_LINK))
                                continue;

git: 7b0b4fca080e - main - pfctl: getifaddrs() can return entries where ifa_addr is NULL

Reply via email to