Page MenuHomeFreeBSD

Do stricter checks in the msg2sp() function
ClosedPublic

Authored by ae on Jul 31 2017, 4:44 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 23, 10:32 AM
Unknown Object (File)
Jan 28 2024, 7:39 PM
Unknown Object (File)
Dec 22 2023, 10:56 PM
Unknown Object (File)
Dec 21 2023, 2:55 AM
Unknown Object (File)
Nov 22 2023, 7:04 PM
Unknown Object (File)
Nov 22 2023, 6:45 PM
Unknown Object (File)
Nov 22 2023, 4:49 PM
Unknown Object (File)
Nov 13 2023, 11:40 AM
Subscribers

Details

Summary

This patch should fix the IPsec related problem described in the DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf

Actually, this IP[V6]_IPSEC_POLICY socket option is available only for privileged user, and when you are root user, you have many much easiest ways to crash the system. But anyway it is better to fix it.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was automatically updated to reflect the committed changes.