Paths

Table of Contentst

ipsec esp: avoid dereferencing freed secasindex
ClosedPublic
Actions

Authored by kib on Feb 25 2024, 10:37 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Tue, Aug 26, 10:30 AM

	Unknown Object (File)
	Mon, Aug 11, 7:43 PM

	Unknown Object (File)
	Mon, Aug 11, 12:57 AM

	Unknown Object (File)
	Sun, Aug 10, 4:12 AM

	Unknown Object (File)
	Wed, Aug 6, 9:07 PM

	Unknown Object (File)
	Jul 21 2025, 1:43 AM

	Unknown Object (File)
	Jul 20 2025, 7:45 PM

	Unknown Object (File)
	Jul 20 2025, 7:45 PM

Subscribers

Details

Reviewers

ae
jhb

Commits

rG1a56620b7958: ipsec esp: avoid dereferencing freed secasindex

Summary

It is possible that SA was removed while processing packed, in which
case it changed to the DEAD state and it index removed from the tree.
Dereferencing sav->sah then touches freed memory.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kib created this revision.Feb 25 2024, 10:37 AM

Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptFeb 25 2024, 10:37 AM

kib requested review of this revision.Feb 25 2024, 10:37 AM

Probably we should increase esps_notdb or esps_invalid counter here.

This revision is now accepted and ready to land.Feb 26 2024, 7:40 AM

Update counter, add debug printf for the situation.

This revision now requires review to proceed.Feb 26 2024, 10:04 AM

ae accepted this revision.Feb 26 2024, 2:17 PM

This revision is now accepted and ready to land.Feb 26 2024, 2:17 PM

Closed by commit rG1a56620b7958: ipsec esp: avoid dereferencing freed secasindex (authored by kib). · Explain WhyFeb 26 2024, 2:28 PM

This revision was automatically updated to reflect the committed changes.

kib added a commit: rG1a56620b7958: ipsec esp: avoid dereferencing freed secasindex.

Revision Contents
Changeset List

Path

Size

sys/

netipsec/

xform_esp.c

7 lines

Diff 135009

View Options

ipsec esp: avoid dereferencing freed secasindexClosedPublicActions