[src/trunk]: src/sys/netipsec Adapt rev1.75, suggested by Alexander Bluhm. Re...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/baeb976fce94
branches:  trunk
changeset: 323108:baeb976fce94
user:      maxv <maxv%NetBSD.org@localhost>
date:      Thu May 31 15:06:45 2018 +0000

description:
Adapt rev1.75, suggested by Alexander Bluhm. Relax the checks to allow
protocols smaller than two bytes (only IPPROTO_NONE). While here style.

diffstat:

 sys/netipsec/ipsec_output.c |  35 +++++++++++++++++++----------------
 1 files changed, 19 insertions(+), 16 deletions(-)

diffs (82 lines):

diff -r fc711fd795d5 -r baeb976fce94 sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c       Thu May 31 13:51:56 2018 +0000
+++ b/sys/netipsec/ipsec_output.c       Thu May 31 15:06:45 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_output.c,v 1.79 2018/05/31 07:03:57 maxv Exp $   */
+/*     $NetBSD: ipsec_output.c,v 1.80 2018/05/31 15:06:45 maxv Exp $   */
 
 /*
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.79 2018/05/31 07:03:57 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.80 2018/05/31 15:06:45 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -624,39 +624,39 @@
         *     IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
         */
        while (1) {
-               if (*i + sizeof(ip6e) > m->m_pkthdr.len) {
-                       return EINVAL;
-               }
-
                switch (nxt) {
                case IPPROTO_AH:
                case IPPROTO_ESP:
                case IPPROTO_IPCOMP:
-               /*
-                * we should not skip security header added
-                * beforehand.
-                */
+                       /*
+                        * We should not skip security header added
+                        * beforehand.
+                        */
                        return 0;
 
                case IPPROTO_HOPOPTS:
                case IPPROTO_DSTOPTS:
                case IPPROTO_ROUTING:
-               /*
-                * if we see 2nd destination option header,
-                * we should stop there.
-                */
+                       if (*i + sizeof(ip6e) > m->m_pkthdr.len) {
+                               return EINVAL;
+                       }
+
+                       /*
+                        * If we see 2nd destination option header,
+                        * we should stop there.
+                        */
                        if (nxt == IPPROTO_DSTOPTS && dstopt)
                                return 0;
 
                        if (nxt == IPPROTO_DSTOPTS) {
                                /*
-                                * seen 1st or 2nd destination option.
+                                * Seen 1st or 2nd destination option.
                                 * next time we see one, it must be 2nd.
                                 */
                                dstopt = 1;
                        } else if (nxt == IPPROTO_ROUTING) {
                                /*
-                                * if we see destination option next
+                                * If we see destination option next
                                 * time, it must be dest2.
                                 */
                                dstopt = 2;
@@ -667,6 +667,9 @@
                        nxt = ip6e.ip6e_nxt;
                        *off = *i + offsetof(struct ip6_ext, ip6e_nxt);
                        *i += (ip6e.ip6e_len + 1) << 3;
+                       if (*i > m->m_pkthdr.len) {
+                               return EINVAL;
+                       }
                        break;
                default:
                        return 0;