Diffusion FreeBSD src repository - subversion rS322328

Make user supplied data checks a bit stricter.
rS322328
Actions

Description

Make user supplied data checks a bit stricter.

key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here
http://www.kame.net/newsletter/20021210/

and our libipsec is usually used to create the correct request.
Add additional checks:

that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
that src/dst's sa_len is the same
that 2*sa_len is not out of bounds of user supplied buffer
that 2*sa_len fits into bounds of sadb_x_ipsecrequest

Reported by: Ilja van Sprundel
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D11796

Details

Provenance

ae	Authored on

Differential Revision

D11796: Do stricter checks in the msg2sp() function

Parents

rS322327: Add a dependency on the kernel package for the runtime package.

Branches

Unknown

Tags

Unknown

Event Timeline

ae committed rS322328: Make user supplied data checks a bit stricter..Aug 9 2017, 7:58 PM

Changes (1)

Path

Size

head/

sys/

netipsec/

key.c

rS322328

View Options