SVNews r322328

NOTE: This service is experimental and subject to change! Use at your own risk!

2017-08-09 19:58:38 - r322328 by ae (Andrey V. Elsukov)

Complete list of files affected by revision r322328:

(Note: At the moment, these links point to ViewVC on svn.freebsd.org. They are probably slow. Do not overuse.)

  History   Contents   Diff   MODIFY   /head/sys/netipsec/key.c  

Commit message:

Make user supplied data checks a bit stricter.

key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here
  http://www.kame.net/newsletter/20021210/

and our libipsec is usually used to create the correct request.
Add additional checks:
* that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
* that src/dst's sa_len is the same
* that 2*sa_len is not out of bounds of user supplied buffer
* that 2*sa_len fits into bounds of sadb_x_ipsecrequest

Reported by: Ilja van Sprundel
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D11796

 


Powered by Python FreeBSD support by secnetix GmbH & Co. KG

Page generated in 27 ms, 1 file printed. Current time is 2017-12-16 11:12:40. All times are in UTC/GMT.