SVNews r322328

NOTE: This service is experimental and subject to change! Use at your own risk!

2017-08-09 19:58:38 - r322328 by ae (Andrey V. Elsukov)

Complete list of files affected by revision r322328:

(Note: At the moment, these links point to ViewVC on They are probably slow. Do not overuse.)

  History   Contents   Diff   MODIFY   /head/sys/netipsec/key.c  

Commit message:

Make user supplied data checks a bit stricter.

key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here

and our libipsec is usually used to create the correct request.
Add additional checks:
* that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
* that src/dst's sa_len is the same
* that 2*sa_len is not out of bounds of user supplied buffer
* that 2*sa_len fits into bounds of sadb_x_ipsecrequest

Reported by: Ilja van Sprundel
MFC after: 1 week
Differential Revision:


Powered by Python FreeBSD support by secnetix GmbH & Co. KG

Page generated in 29 ms, 1 file printed. Current time is 2018-03-21 22:13:15. All times are in UTC/GMT.