Differential D31890

ipsec: Validate the protocol identifier in ipsec4_ctlinput()
ClosedPublic
Actions

Authored by markj on Sep 9 2021, 5:11 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Feb 19, 5:16 PM

	Unknown Object (File)
	Feb 10 2023, 7:55 PM

	Unknown Object (File)
	Dec 30 2022, 12:28 PM

	Unknown Object (File)
	Dec 14 2022, 6:00 AM

	Unknown Object (File)
	Dec 14 2022, 2:16 AM

	Unknown Object (File)
	Dec 5 2022, 7:08 AM

Subscribers

Details

Reviewers

Commits

rG10eb2a2bde61: ipsec: Validate the protocol identifier in ipsec4_ctlinput()

Summary

key_allocsa() expects to handle only IPSec protocols and has an
assertion to this effect. However, ipsec4_ctlinput() has to handle
messages from ICMP unreachable packets and was not validating the
protocol number. In practice I believe such a packet would simply fail
to match any SADB entries and would thus be ignored.

Reported by: syzbot+6a9ef6fcfadb9f3877fe@syzkaller.appspotmail.com

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Sep 9 2021, 5:11 PM

Herald added subscribers: melifaro, ae, imp. · View Herald TranscriptSep 9 2021, 5:11 PM

markj requested review of this revision.Sep 9 2021, 5:11 PM

Harbormaster completed remote builds in B41446: Diff 94924.Sep 9 2021, 5:11 PM

markj added a reviewer: ae.Sep 9 2021, 5:12 PM

ae accepted this revision.Sep 10 2021, 12:24 PM

This revision is now accepted and ready to land.Sep 10 2021, 12:24 PM

Closed by commit rG10eb2a2bde61: ipsec: Validate the protocol identifier in ipsec4_ctlinput() (authored by markj). · Explain WhySep 10 2021, 1:10 PM

This revision was automatically updated to reflect the committed changes.

markj added a commit: rG10eb2a2bde61: ipsec: Validate the protocol identifier in ipsec4_ctlinput().

Revision Contents
Changeset List

Path

Size

sys/

netipsec/

8 lines

Diff 94949

sys/netipsec/ipsec_input.c

Loading...