CVS commit: src/sys/netipsec

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/netipsec
From: Jonathan Stone <jonathan%netbsd.org@localhost>
Date: Tue, 27 Apr 2004 23:57:19 +0000 (UTC)

Module Name:    src
Committed By:   jonathan
Date:           Tue Apr 27 23:57:19 UTC 2004

Modified Files:
        src/sys/netipsec: key.c

Log Message:
Update sys/netipsec/key.c to check for attempts to add IPv6-related
SPDs, and to warn about and reject any such attempts.

Addresses a security concern, that the (eas-yet incomplete, experimental)
FAST_IPSEC+INET6 does not honour IPv6 SPDs.  The security risk is that
Naive users may not realize this, and their data may get leaked in
cleartext, rather than IPsec'ed, if they use IPv6.

Security issue raised by: Thor Lancelot Simon
reviewed and OKed by: Thor Lancelot Simon

2.0 Pullup request after: 24 hours for further public comment.


To generate a diff of this commit:
cvs rdiff -r1.13 -r1.14 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/share/man/man4
Next by Date: CVS commit: src
Previous by Thread: CVS commit: src/share/man/man4
Next by Thread: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index