Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [netbsd-7] src/sys/netipsec
Module Name: src
Committed By: martin
Date: Thu May 3 14:47:22 UTC 2018
Modified Files:
src/sys/netipsec [netbsd-7]: ipsec_output.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1600):
sys/netipsec/ipsec_output.c: revision 1.67,1.75 (via patch)
Strengthen this check, to make sure there is room for an ip6_ext structure.
Seems possible to crash m_copydata here (but I didn't test more than that).
Fix the checks in compute_ipsec_pos, otherwise m_copydata could crash. I
already fixed half of the problem two months ago in rev1.67, back then I
thought it was not triggerable because each packet we emit is guaranteed
to have correctly formed IPv6 options; but it is actually triggerable via
IPv6 forwarding, we emit a packet we just received, and we don't sanitize
its options before invoking IPsec.
Since it would be wrong to just stop the iteration and continue the IPsec
processing, allow compute_ipsec_pos to fail, and when it does, drop the
packet entirely.
To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.4.1 src/sys/netipsec/ipsec_output.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index