Hi.

pfioctl() needs to ignore an unknown af supplied from userland (root only),
which can otherwise lead to a kernel panic.

This fixes syzbot+92be143c2dd1746cf...@syzkaller.appspotmail.com
https://syzkaller.appspot.com/bug?id=18bd5fa9e22c139d0a4c34dd6c7c1f3fd6eec42a

-- Ben

Index: pf_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.347
diff -u -p -r1.347 pf_ioctl.c
--- pf_ioctl.c  26 Nov 2019 19:57:52 -0000      1.347
+++ pf_ioctl.c  8 Jan 2020 17:33:26 -0000
@@ -1807,6 +1807,18 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
                int                      m = 0, direction = pnl->direction;
                int                      sidx, didx;
 
+               switch (pnl->af) {
+               case AF_INET:
+                       break;
+#ifdef INET6
+               case AF_INET6:
+                       break;
+#endif /* INET6 */
+               default:
+                       error = EINVAL;
+                       goto fail;
+               }
+
                /* NATLOOK src and dst are reversed, so reverse sidx/didx */
                sidx = (direction == PF_IN) ? 1 : 0;
                didx = (direction == PF_IN) ? 0 : 1;
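Review bot: The added `switch (pnl->af)` has no comment explaining why it is there, and it reports an unsupported family as a generic `EINVAL`. A one-line comment above the switch would keep the check from being dropped in a later cleanup, for example `/* af comes from userland; only handle families the lookup below supports */`. Consider `error = EAFNOSUPPORT;` in the `default:` arm so a caller can tell an unsupported address family from other bad arguments; this assumes the rest of pf_ioctl.c reports unsupported families the same way, which the hunk does not show. The enclosing case block starts and ends outside the hunk, so whether `goto fail` runs before any lock or reference is taken cannot be confirmed from these lines.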
