Page MenuHomeFreeBSD
Differential D31890

ipsec: Validate the protocol identifier in ipsec4_ctlinput()
ClosedPublic
Actions

Authored by markj on Sep 9 2021, 5:11 PM.
Tags
None
Referenced Files
F81981963: D31890.diff
Wed, Apr 24, 2:43 AM
Unknown Object (File)
Sat, Apr 20, 4:41 AM
Unknown Object (File)
Thu, Mar 28, 3:02 PM
Unknown Object (File)
Feb 15 2024, 9:15 PM
Unknown Object (File)
Dec 23 2023, 2:37 AM
Unknown Object (File)
Dec 20 2023, 4:57 AM
Unknown Object (File)
Dec 14 2023, 8:40 PM
Unknown Object (File)
Nov 16 2023, 1:46 AM
View All 25 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
ae
Commits
rG10eb2a2bde61: ipsec: Validate the protocol identifier in ipsec4_ctlinput()
Summary

key_allocsa() expects to handle only IPSec protocols and has an
assertion to this effect. However, ipsec4_ctlinput() has to handle
messages from ICMP unreachable packets and was not validating the
protocol number. In practice I believe such a packet would simply fail
to match any SADB entries and would thus be ignored.

Reported by: syzbot+6a9ef6fcfadb9f3877fe@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41446
Build 38335: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
netipsec/
8 lines

Diff 94924

View Options

sys/netipsec/ipsec_input.c

Loading...