Add SA-19:03 to SA-19:07 and EN-19:08 to EN-19:10.

Approved by: so
svn path=/head/; revision=53023
2019-05-14 23:48:52 +00:00 · 2019-05-14 23:48:52 +00:00 · b9b9eea0f4 · 2020-12-08 03:00:23 +00:00
commit b9b9eea0f4
parent 2a48f90e8b
36 changed files with 411299 additions and 0 deletions
--- a/share/security/patches/SA-19:06/pf.patch
+++ b/share/security/patches/SA-19:06/pf.patch
@ -0,0 +1,69 @@
+--- sys/netpfil/pf/pf.c.orig
+++ sys/netpfil/pf/pf.c
+@@ -4588,7 +4588,7 @@
+ {
+ 	struct pf_addr  *saddr = pd->src, *daddr = pd->dst;
+ 	u_int16_t	 icmpid = 0, *icmpsum;
+-	u_int8_t	 icmptype;
+	u_int8_t	 icmptype, icmpcode;
+ 	int		 state_icmp = 0;
+ 	struct pf_state_key_cmp key;
+ 
+@@ -4597,6 +4597,7 @@
+ #ifdef INET
+ 	case IPPROTO_ICMP:
+ 		icmptype = pd->hdr.icmp->icmp_type;
+		icmpcode = pd->hdr.icmp->icmp_code;
+ 		icmpid = pd->hdr.icmp->icmp_id;
+ 		icmpsum = &pd->hdr.icmp->icmp_cksum;
+ 
+@@ -4611,6 +4612,7 @@
+ #ifdef INET6
+ 	case IPPROTO_ICMPV6:
+ 		icmptype = pd->hdr.icmp6->icmp6_type;
+		icmpcode = pd->hdr.icmp6->icmp6_code;
+ 		icmpid = pd->hdr.icmp6->icmp6_id;
+ 		icmpsum = &pd->hdr.icmp6->icmp6_cksum;
+ 
+@@ -4809,6 +4811,23 @@
+ #endif /* INET6 */
+ 		}
+ 
+		if (PF_ANEQ(pd->dst, pd2.src, pd->af)) {
+			if (V_pf_status.debug >= PF_DEBUG_MISC) {
+				printf("pf: BAD ICMP %d:%d outer dst: ",
+				    icmptype, icmpcode);
+				pf_print_host(pd->src, 0, pd->af);
+				printf(" -> ");
+				pf_print_host(pd->dst, 0, pd->af);
+				printf(" inner src: ");
+				pf_print_host(pd2.src, 0, pd2.af);
+				printf(" -> ");
+				pf_print_host(pd2.dst, 0, pd2.af);
+				printf("\n");
+			}
+			REASON_SET(reason, PFRES_BADSTATE);
+			return (PF_DROP);
+		}
+
+ 		switch (pd2.proto) {
+ 		case IPPROTO_TCP: {
+ 			struct tcphdr		 th;
+@@ -4865,7 +4884,7 @@
+ 			    !SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)))) {
+ 				if (V_pf_status.debug >= PF_DEBUG_MISC) {
+ 					printf("pf: BAD ICMP %d:%d ",
+-					    icmptype, pd->hdr.icmp->icmp_code);
+					    icmptype, icmpcode);
+ 					pf_print_host(pd->src, 0, pd->af);
+ 					printf(" -> ");
+ 					pf_print_host(pd->dst, 0, pd->af);
+@@ -4878,7 +4897,7 @@
+ 			} else {
+ 				if (V_pf_status.debug >= PF_DEBUG_MISC) {
+ 					printf("pf: OK ICMP %d:%d ",
+-					    icmptype, pd->hdr.icmp->icmp_code);
+					    icmptype, icmpcode);
+ 					pf_print_host(pd->src, 0, pd->af);
+ 					printf(" -> ");
+ 					pf_print_host(pd->dst, 0, pd->af);