Page MenuHomeFreeBSD

ipsec: Validate the protocol identifier in ipsec4_ctlinput()
ClosedPublic

Authored by markj on Sep 9 2021, 5:11 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 9, 11:42 PM
Unknown Object (File)
Nov 8 2024, 1:25 AM
Unknown Object (File)
Oct 30 2024, 4:20 PM
Unknown Object (File)
Oct 19 2024, 8:39 AM
Unknown Object (File)
Sep 30 2024, 1:37 AM
Unknown Object (File)
Sep 28 2024, 10:33 PM
Unknown Object (File)
Sep 27 2024, 8:06 AM
Unknown Object (File)
Sep 23 2024, 10:29 PM
Subscribers

Details

Summary

key_allocsa() expects to handle only IPSec protocols and has an
assertion to this effect. However, ipsec4_ctlinput() has to handle
messages from ICMP unreachable packets and was not validating the
protocol number. In practice I believe such a packet would simply fail
to match any SADB entries and would thus be ignored.

Reported by: syzbot+6a9ef6fcfadb9f3877fe@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41446
Build 38335: arc lint + arc unit