[src/netbsd-8]: src/crypto/dist/ipsec-tools/src/racoon Pull up following revi...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-8]: src/crypto/dist/ipsec-tools/src/racoon Pull up following revi...
From: bouyer <bouyer%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 15:09:39 +0000

details:   https://anonhg.NetBSD.org/src/rev/d85e6254323e
branches:  netbsd-8
changeset: 850984:d85e6254323e
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Thu Aug 31 08:50:57 2017 +0000

description:
Pull up following revision(s) (requested by christos in ticket #233):
        crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c: revision 1.7
PR/51682: Antoine Beaupr?: Simplify and comment previous patch.
XXX: pullup-8

diffstat:

 crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c |  15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diffs (48 lines):

diff -r b891613e6246 -r d85e6254323e crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c  Thu Aug 31 08:43:41 2017 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c  Thu Aug 31 08:50:57 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_frag.c,v 1.6 2017/01/24 19:23:31 christos Exp $ */
+/*     $NetBSD: isakmp_frag.c,v 1.6.4.1 2017/08/31 08:50:57 bouyer Exp $       */
 
 /* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
 
@@ -179,20 +179,26 @@
        struct isakmp_frag_item *pitem = NULL;
        struct isakmp_frag_item *citem = iph1->frag_chain;
 
+       /* no frag yet, just insert at beginning of list */
        if (iph1->frag_chain == NULL) {
                iph1->frag_chain = item;
                return 0;
        }
 
        do {
+               /* duplicate fragment number, abort (CVE-2016-10396) */
                if (citem->frag_num == item->frag_num)
                        return -1;
 
+               /* need to insert before current item */
                if (citem->frag_num > item->frag_num) {
-                       if (pitem)
+                       if (pitem != NULL)
                                pitem->frag_next = item;
+                       else
+                               /* insert at the beginning of the list  */
+                               iph1->frag_chain = item;
                        item->frag_next = citem;
-                       break;
+                       return 0;
                }
 
                pitem = citem;
@@ -200,8 +206,7 @@
        } while (citem != NULL);
 
        /* we reached the end of the list, insert */
-       if (citem == NULL)
-             pitem->frag_next = item;
+       pitem->frag_next = item;
        return 0;
 }

Prev by Date: [src/netbsd-8]: src/sys apply paych, requested by maxv in ticket #237:
Next by Date: [src/netbsd-8]: src/sys/dev Pull up following revision(s) (requested by nat i...
Previous by Thread: [src/netbsd-8]: src/sys apply paych, requested by maxv in ticket #237:
Next by Thread: [src/netbsd-8]: src/sys/dev Pull up following revision(s) (requested by nat i...
Indexes:

Home | Main Index | Thread Index | Old Index