Source-Changes-HG archive


[src/netbsd-2-0]: src/sys/netipsec Pull up following revision(s) (requested b...



details:   https://anonhg.NetBSD.org/src/rev/cc9265f89074
branches:  netbsd-2-0
changeset: 564959:cc9265f89074
user:      riz <riz%NetBSD.org@localhost>
date:      Thu Mar 30 15:31:06 2006 +0000

description:
Pull up following revision(s) (requested by rpaulo in ticket #10384):
        sys/netipsec/xform_esp.c: revision 1.8
FreeBSD SA-06:11 and CVE-2006-0905: update the replay sequence number
or else the anti-replay technique won't work as expected.
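A constructed illustration of the point in the description, that a replay check whose window is never advanced rejects nothing. This is added example code, not NetBSD's (it does not use struct secreplay, ipsec_chkreplay or ipsec_updatereplay): a 64-bit sliding window in the style of RFC 2401 Appendix C, fed the same constructed packet stream by a receiver that only checks and by one that checks and records; sequence-number wrap and ESN are deliberately out of scope.

```c
#include <stdint.h>

#define REPLAY_WINDOW 64u   /* window width in packets, one bit each */

/* Constructed receiver-side anti-replay state (not NetBSD's struct secreplay). */
struct replay_state {
	uint32_t lastseq;   /* highest sequence number accepted so far */
	uint64_t bitmap;    /* bit i set => sequence number (lastseq - i) already seen */
};

/* Check only: 0 = acceptable, 1 = replayed or too old. State is untouched. */
static int replay_check(const struct replay_state *rs, uint32_t seq)
{
	if (seq == 0) return 1;               /* 0 is never a valid ESP sequence number */
	if (seq > rs->lastseq) return 0;      /* right of the window: always new */
	uint32_t diff = rs->lastseq - seq;
	if (diff >= REPLAY_WINDOW) return 1;  /* fell off the left edge: too old */
	return (int)((rs->bitmap >> diff) & 1u);   /* inside window: replay iff already marked */
}

/* Check and record: the step the pull-up adds after decryption. */
static int replay_update(struct replay_state *rs, uint32_t seq)
{
	if (replay_check(rs, seq)) return 1;
	if (seq > rs->lastseq) {              /* slide the window right */
		uint32_t shift = seq - rs->lastseq;
		/* a shift of 64 or more would be undefined on a uint64_t: clear instead */
		rs->bitmap = (shift >= REPLAY_WINDOW) ? 0 : rs->bitmap << shift;
		rs->lastseq = seq;
		rs->bitmap |= 1u;                 /* mark the new lastseq itself */
	} else {
		rs->bitmap |= (uint64_t)1 << (rs->lastseq - seq);
	}
	return 0;
}

/* Feed a constructed stream (with replays and a gap) to a receiver that only
 * checks (pre-fix) or checks and updates (post-fix); return packets accepted. */
static int accepted_count(int do_update)
{
	static const uint32_t stream[] = { 1, 2, 3, 2, 3, 5, 4, 4, 1, 70, 5 };
	struct replay_state rs = { 0, 0 };
	int accepted = 0;
	for (unsigned i = 0; i < sizeof stream / sizeof stream[0]; i++) {
		int rejected = do_update ? replay_update(&rs, stream[i]) : replay_check(&rs, stream[i]);
		if (!rejected) accepted++;
	}
	return accepted;
}
```

The check-only receiver accepts all 11 packets, including the five replayed or stale ones; the check-and-update receiver accepts 6.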

diffstat:

 sys/netipsec/xform_esp.c |  21 +++++++++++++++++++--
 1 files changed, 19 insertions(+), 2 deletions(-)

diffs (42 lines):

diff -r ddbead36d386 -r cc9265f89074 sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c  Tue Mar 28 23:24:05 2006 +0000
+++ b/sys/netipsec/xform_esp.c  Thu Mar 30 15:31:06 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_esp.c,v 1.5 2004/03/17 00:21:43 jonathan Exp $   */
+/*     $NetBSD: xform_esp.c,v 1.5.2.1 2006/03/30 15:31:06 riz Exp $    */
 /*     $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $  */
 /*     $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.5 2004/03/17 00:21:43 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.5.2.1 2006/03/30 15:31:06 riz Exp $");
 
 #include "opt_inet.h"
 #ifdef __FreeBSD__
@@ -568,6 +568,23 @@
         */
        m->m_flags |= M_DECRYPTED;
 
+       /*
+        * Update replay sequence number, if appropriate.
+        */
+       if (sav->replay) {
+               u_int32_t seq;
+
+               m_copydata(m, skip + offsetof(struct newesp, esp_seq),
+                   sizeof (seq), (caddr_t) &seq);
+               if (ipsec_updatereplay(ntohl(seq), sav)) {
+                       DPRINTF(("%s: packet replay check for %s\n", __func__,
+                           ipsec_logsastr(sav)));
+                       espstat.esps_replay++;
+                       error = ENOBUFS;
+                       goto bad;
+               }
+       }
+
        /* Determine the ESP header length */
        if (sav->flags & SADB_X_EXT_OLD)
                hlen = sizeof (struct esp) + sav->ivlen;
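Review bot: the DPRINTF on the failure path, "%s: packet replay check for %s", reads as if it only logged that a check ran; make it say the check failed, e.g. "%s: packet replay check failed for %s", so a trace is not mistaken for an accepted packet. Second, the sequence number is read at skip + offsetof(struct newesp, esp_seq) while the lines immediately below still handle SADB_X_EXT_OLD SAs whose header is struct esp with no sequence field, so this block relies on sav->replay never being set for an old-style SA; a one-line comment on the `if (sav->replay)` guard stating that invariant would help the next reader. ENOBUFS is also an unusual errno for a rejected replay; if it was chosen to match the existing replay-check path, say so in the comment.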


