Source-Changes-HG archive


[src/netbsd-8]: src/sys/netipsec Pull up following revision(s) (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/bf6c7ddf9ae9
branches:  netbsd-8
changeset: 434791:bf6c7ddf9ae9
user:      martin <martin%NetBSD.org@localhost>
date:      Fri Mar 30 11:45:58 2018 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #667):

        sys/netipsec/ipsec_input.c: revision 1.54

ipsec4_fixup_checksum calls m_pullup, so don't forget to do mtod() again,
to prevent use-after-free.

In fact, the m_pullup call is never reached: it is impossible for 'skip'
to be zero in this function, so add an XXX for now.

diffstat:

 sys/netipsec/ipsec_input.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (34 lines):

diff -r 2c7fd0bd3938 -r bf6c7ddf9ae9 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Fri Mar 30 11:42:59 2018 +0000
+++ b/sys/netipsec/ipsec_input.c        Fri Mar 30 11:45:58 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_input.c,v 1.43.2.3 2018/03/06 09:21:35 martin Exp $      */
+/*     $NetBSD: ipsec_input.c,v 1.43.2.4 2018/03/30 11:45:58 martin Exp $      */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
 /*     $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $        */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.43.2.3 2018/03/06 09:21:35 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.43.2.4 2018/03/30 11:45:58 martin Exp $");
 
 /*
  * IPsec input processing.
@@ -370,6 +370,7 @@
                ip->ip_sum = 0;
                ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
        } else {
+               /* XXX this branch is never taken */
                ip = mtod(m, struct ip *);
        }
 
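Review bot: The added `/* XXX this branch is never taken */` comment in the `else` branch does not say why the branch is dead or what should eventually happen to it. The commit message gives the reason (`skip` cannot be zero in this function); that reason belongs in the comment itself, and a follow-up could either assert it (for example `KASSERT(skip != 0)`) or remove the branch, so the XXX does not linger without context.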
@@ -381,6 +382,7 @@
        m = ipsec4_fixup_checksum(m);
        if (m == NULL)
                goto cantpull;
+       ip = mtod(m, struct ip *);
 
        prot = ip->ip_p;
 
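Review bot: The added `ip = mtod(m, struct ip *);` after the `m == NULL` check carries no comment saying why `ip` is reloaded, so it reads as redundant next to the earlier `mtod()` assignment and could be dropped in a later cleanup. A one-line comment such as `/* ipsec4_fixup_checksum() may m_pullup; the old ip may be stale */` would record the reason at the point of use. It is also worth confirming that no other pointer derived from `m` before this call is still dereferenced after it.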


