Subject: CVS commit: src/sys/netipsec
To: None <source-changes@NetBSD.org>
From: Jonathan Stone <jonathan@netbsd.org>
List: source-changes
Date: 04/27/2004 23:57:19
Module Name: src
Committed By: jonathan
Date: Tue Apr 27 23:57:19 UTC 2004
Modified Files:
src/sys/netipsec: key.c
Log Message:
Update sys/netipsec/key.c to check for attempts to add IPv6-related
SPDs, and to warn about and reject any such attempts.
Addresses a security concern, that the (as-yet incomplete, experimental)
FAST_IPSEC+INET6 does not honour IPv6 SPDs. The security risk is that
naive users may not realize this, and their data may get leaked in
cleartext, rather than IPsec'ed, if they use IPv6.
Security issue raised by: Thor Lancelot Simon
reviewed and OKed by: Thor Lancelot Simon
2.0 Pullup request after: 24 hours for further public comment.
To generate a diff of this commit:
cvs rdiff -r1.13 -r1.14 src/sys/netipsec/key.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.