Source-Changes-HG archive


[src/netbsd-8]: src/sys/netipsec Pull up following revision(s) (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/d2c0d22435b2
branches:  netbsd-8
changeset: 851440:d2c0d22435b2
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Mar 06 09:21:35 2018 +0000

description:
Pull up following revision(s) (requested by maxv):
        sys/netipsec/ipsec_input.c: revision 1.57
        sys/netipsec/ipsec_input.c: revision 1.58

Extend these #ifdef notyet. The m_copydata's in these branches are wrong,
we are not guaranteed to have enough room for another struct ip, and we
may crash here. Triggerable remotely, but after authentication, by sending
an AH packet that has a one-byte-sized IPIP payload.

Argh, in my previous commit in this file I forgot to fix the IPv6
entry point; apply the same fix there.

diffstat:

 sys/netipsec/ipsec_input.c |  21 ++++++++++-----------
 1 files changed, 10 insertions(+), 11 deletions(-)

diffs (113 lines):

diff -r 89fac3396700 -r d2c0d22435b2 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Tue Mar 06 08:53:41 2018 +0000
+++ b/sys/netipsec/ipsec_input.c        Tue Mar 06 09:21:35 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_input.c,v 1.43.2.2 2018/02/05 14:55:16 martin Exp $      */
+/*     $NetBSD: ipsec_input.c,v 1.43.2.3 2018/03/06 09:21:35 martin Exp $      */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
 /*     $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $        */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.43.2.2 2018/02/05 14:55:16 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.43.2.3 2018/03/06 09:21:35 martin Exp $");
 
 /*
  * IPsec input processing.
@@ -384,14 +384,15 @@
 
        prot = ip->ip_p;
 
+#ifdef notyet
        /* IP-in-IP encapsulation */
        if (prot == IPPROTO_IPIP) {
                struct ip ipn;
 
                /* ipn will now contain the inner IPv4 header */
+               /* XXX: check m_pkthdr.len */
                m_copydata(m, ip->ip_hl << 2, sizeof(struct ip), &ipn);
 
-#ifdef notyet
                /* XXX PROXY address isn't recorded in SAH */
                /*
                 * Check that the inner source address is the same as
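Review bot: The added `/* XXX: check m_pkthdr.len */` above the `m_copydata()` call does not state the bound that must hold, so anyone who later removes `#ifdef notyet` can re-enable the short-packet copy that the commit message says may crash. I would spell the requirement out in the comment, or add the guard now so the disabled code is already correct when it is revived: `if (m->m_pkthdr.len < (ip->ip_hl << 2) + (int)sizeof(struct ip))`, taking the existing `goto bad` error path with an appropriate `error` value. The same applies to the IPv6-in-IP branch in the -428 hunk (with `sizeof(struct ip6_hdr)`) and to both branches in the IPv6 entry point in the -587 and -621 hunks, where the offset is `skip`. A short comment on the new `#ifdef notyet` line saying the block is disabled because of the unchecked copy would also help, since the matching `#endif /* notyet */` and the rest of the function lie outside this hunk.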
@@ -420,7 +421,6 @@
                        error = EACCES;
                        goto bad;
                }
-#endif /*XXX*/
        }
 #if INET6
        /* IPv6-in-IP encapsulation. */
@@ -428,9 +428,9 @@
                struct ip6_hdr ip6n;
 
                /* ip6n will now contain the inner IPv6 header. */
+               /* XXX: check m_pkthdr.len */
                m_copydata(m, ip->ip_hl << 2, sizeof(struct ip6_hdr), &ip6n);
 
-#ifdef notyet
                /*
                 * Check that the inner source address is the same as
                 * the proxy address, if available.
@@ -458,9 +458,9 @@
                        error = EACCES;
                        goto bad;
                }
-#endif /*XXX*/
        }
 #endif /* INET6 */
+#endif /* notyet */
 
        key_sa_recordxfer(sav, m);              /* record data transfer */
 
@@ -587,15 +587,16 @@
        /* Save protocol */
        m_copydata(m, protoff, 1, &prot);
 
+#ifdef notyet
 #ifdef INET
        /* IP-in-IP encapsulation */
        if (prot == IPPROTO_IPIP) {
                struct ip ipn;
 
                /* ipn will now contain the inner IPv4 header */
+               /* XXX: check m_pkthdr.len */
                m_copydata(m, skip, sizeof(struct ip), &ipn);
 
-#ifdef notyet
                /*
                 * Check that the inner source address is the same as
                 * the proxy address, if available.
@@ -621,18 +622,16 @@
                        error = EACCES;
                        goto bad;
                }
-#endif /*XXX*/
        }
 #endif /* INET */
-
        /* IPv6-in-IP encapsulation */
        if (prot == IPPROTO_IPV6) {
                struct ip6_hdr ip6n;
 
                /* ip6n will now contain the inner IPv6 header. */
+               /* XXX: check m_pkthdr.len */
                m_copydata(m, skip, sizeof(struct ip6_hdr), &ip6n);
 
-#ifdef notyet
                /*
                 * Check that the inner source address is the same as
                 * the proxy address, if available.
@@ -659,8 +658,8 @@
                        error = EACCES;
                        goto bad;
                }
-#endif /*XXX*/
        }
+#endif /* notyet */
 
        key_sa_recordxfer(sav, m);
 


