Return error code if no matching SA was found
ClosedPublic
Actions

Authored by wma on Jul 2 2021, 4:41 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Feb 7 2024, 4:41 PM

	Unknown Object (File)
	Jan 24 2024, 3:30 AM

	Unknown Object (File)
	Dec 21 2023, 3:07 PM

	Unknown Object (File)
	Dec 20 2023, 4:38 AM

	Unknown Object (File)
	Sep 9 2023, 10:55 AM

	Unknown Object (File)
	Aug 19 2023, 9:00 PM

	Unknown Object (File)
	Jul 13 2023, 5:42 AM

	Unknown Object (File)
	Jul 11 2023, 2:15 PM

View All 15 Files

Subscribers

melifaro

Details

Reviewers

imp
mw
np
tuexen

Commits

rGa16771de4c1e: ipsec: Return error code if no matching SA was found

Summary

If we matched SP to a packet, but no associated SA was found
ipsec4_allocsa will return NULL while setting error=0.
This resulted in use after free and potential kernel panic.
Return EINPROGRESS if the case described above instead.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

wma created this revision.Jul 2 2021, 4:41 AM

Herald added subscribers: melifaro, ae. · View Herald TranscriptJul 2 2021, 4:41 AM

wma requested review of this revision.Jul 2 2021, 4:41 AM

This revision was not accepted when it landed; it landed in state Needs Review.Aug 13 2021, 7:37 AM

Closed by commit rGa16771de4c1e: ipsec: Return error code if no matching SA was found (authored by kd, committed by wma). · Explain Why

This revision was automatically updated to reflect the committed changes.

wma added a commit: rGa16771de4c1e: ipsec: Return error code if no matching SA was found.

Revision Contents
Changeset List

Path

Size

sys/

netipsec/

ipsec_output.c

6 lines

Diff 93635

View Options

sys/netipsec/ipsec_output.c

Return error code if no matching SA was foundClosedPublicActions