Diffusion FreeBSD src repository - subversion rS322576

MFC r322328:
rS322576
Actions

Description

MFC r322328:

Make user supplied data checks a bit stricter.

key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here
	http://www.kame.net/newsletter/20021210/

and our libipsec is usually used to create the correct request.
Add additional checks:
* that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
* that src/dst's sa_len is the same
* that 2*sa_len is not out of bounds of user supplied buffer
* that 2*sa_len fits into bounds of sadb_x_ipsecrequest

Reported by:	Ilja van Sprundel

Details

Provenance

ae	Authored on

Parents

rS322575: Undeprecate the CONS_CURSORTYPE ioctl. It was "deprecated" in 2001,

Branches

Unknown

Tags

Unknown

Event Timeline

ae committed rS322576: MFC r322328:.Aug 16 2017, 12:01 PM

Changes (2)

Path

Size

stable/

11/

sys/

netipsec/

key.c

rS322576

View Options

stable/11/

View Options

stable/11/sys/netipsec/key.c

MFC r322328:rS322576Actions

Description

Details

Event Timeline

Changes (2)

rS322576

stable/11/

stable/11/sys/netipsec/key.c

MFC r322328:
rS322576
Actions