CVS commit: [netbsd-6] src/sys/netipsec

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-6] src/sys/netipsec
From: "Martin Husemann" <martin%netbsd.org@localhost>
Date: Thu, 3 May 2018 14:33:30 +0000

Module Name:    src
Committed By:   martin
Date:           Thu May  3 14:33:30 UTC 2018

Modified Files:
        src/sys/netipsec [netbsd-6]: ipsec_output.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1546):

        sys/netipsec/ipsec_output.c: revision 1.67,1.75 (via patch)

Strengthen this check, to make sure there is room for an ip6_ext structure.
Seems possible to crash m_copydata here (but I didn't test more than that).

Fix the checks in compute_ipsec_pos, otherwise m_copydata could crash. I
already fixed half of the problem two months ago in rev1.67, back then I
thought it was not triggerable because each packet we emit is guaranteed
to have correctly formed IPv6 options; but it is actually triggerable via
IPv6 forwarding, we emit a packet we just received, and we don't sanitize
its options before invoking IPsec.

Since it would be wrong to just stop the iteration and continue the IPsec
processing, allow compute_ipsec_pos to fail, and when it does, drop the
packet entirely.


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.38.2.1 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/sys
Next by Date: CVS commit: [netbsd-6-1] src/sys/netipsec
Previous by Thread: CVS commit: src/sys/sys
Next by Thread: CVS commit: [netbsd-6-1] src/sys/netipsec
Indexes:

Home | Main Index | Thread Index | Old Index