Page MenuHomeFreeBSD

Do stricter checks in the msg2sp() function
ClosedPublic

Authored by ae on Jul 31 2017, 4:44 PM.

Details

Summary

This patch should fix the IPsec related problem described in the DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf

Actually, this IP[V6]_IPSEC_POLICY socket option is available only for privileged user, and when you are root user, you have many much easiest ways to crash the system. But anyway it is better to fix it.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ae created this revision.Jul 31 2017, 4:44 PM
This revision was automatically updated to reflect the committed changes.