HomeFreeBSD

Make user supplied data checks a bit stricter.

Description

Make user supplied data checks a bit stricter.

key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here
http://www.kame.net/newsletter/20021210/

and our libipsec is usually used to create the correct request.
Add additional checks:

  • that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
  • that src/dst's sa_len is the same
  • that 2*sa_len is not out of bounds of user supplied buffer
  • that 2*sa_len fits into bounds of sadb_x_ipsecrequest

Reported by: Ilja van Sprundel
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D11796

Details

Committed
aeAug 9 2017, 7:58 PM
Differential Revision
D11796: Do stricter checks in the msg2sp() function
Parents
rS322327: Add a dependency on the kernel package for the runtime package.
Branches
Unknown
Tags
Unknown