
[src/trunk]: src/sys/netipsec mitigation for CVE-2011-1547



details:   https://anonhg.NetBSD.org/src/rev/20ec2b8a6863
branches:  trunk
changeset: 763726:20ec2b8a6863
user:      spz <spz%NetBSD.org@localhost>
date:      Fri Apr 01 08:29:29 2011 +0000

description:
mitigation for CVE-2011-1547

diffstat:

 sys/netipsec/xform_ipcomp.c |  12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diffs (33 lines):

diff -r b934e866d913 -r 20ec2b8a6863 sys/netipsec/xform_ipcomp.c
--- a/sys/netipsec/xform_ipcomp.c       Fri Apr 01 08:25:02 2011 +0000
+++ b/sys/netipsec/xform_ipcomp.c       Fri Apr 01 08:29:29 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ipcomp.c,v 1.25 2011/02/24 20:03:41 drochner Exp $       */
+/*     $NetBSD: xform_ipcomp.c,v 1.26 2011/04/01 08:29:29 spz Exp $    */
 /*     $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $       */
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
 
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.25 2011/02/24 20:03:41 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.26 2011/04/01 08:29:29 spz Exp $");
 
 /* IP payload compression protocol (IPComp), see RFC 2393 */
 #include "opt_inet.h"
@@ -326,6 +326,14 @@
        /* Keep the next protocol field */
        addr = (uint8_t*) mtod(m, struct ip *) + skip;
        nproto = ((struct ipcomp *) addr)->comp_nxt;
+       if (nproto == IPPROTO_IPCOMP || nproto == IPPROTO_AH || nproto == IPPROTO_ESP) {
+               IPCOMP_STATINC(IPCOMP_STAT_HDROPS);
+               DPRINTF(("ipcomp_input_cb: nested ipcomp, IPCA %s/%08lx\n",
+                        ipsec_address(&sav->sah->saidx.dst),
+                        (u_long) ntohl(sav->spi)));
+               error = EINVAL;
+               goto bad;
+       }
 
        /* Remove the IPCOMP header */
        error = m_striphdr(m, skip, hlen);
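Review bot: The added DPRINTF in ipcomp_input_cb always reports "nested ipcomp", but the guard above it also drops packets whose inner protocol is IPPROTO_AH or IPPROTO_ESP, so the debug output cannot tell the three cases apart. Including the value in the message would fix that, for example `DPRINTF(("ipcomp_input_cb: nested ipsec header (proto %d), IPCA %s/%08lx\n", nproto,` with the remaining arguments unchanged. The block also has no comment saying why these next-protocol values are refused; something like `/* Refuse IPComp/AH/ESP as the inner protocol: re-entering IPsec input from here allows unbounded nesting (CVE-2011-1547) */` would stop a later cleanup from loosening the check, though the recursion rationale is inferred from the commit message and should be confirmed against the advisory. These drops are counted under IPCOMP_STAT_HDROPS, presumably alongside other header failures, so without the clearer log line an operator cannot separate nested-header rejections from ordinary malformed packets. The condition line also runs past 80 columns, and the function body starts and ends outside this hunk.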


