freebsd-dev/sys/netipsec
Andrey V. Elsukov 3d80e82d60 Fix possible use after free due to security policy deletion.
When we are passing mbuf to IPSec processing via ipsec[46]_process_packet(),
we hold one reference to security policy and release it just after return
from this function. But IPSec processing can be deferred and when we release
reference to security policy after ipsec[46]_process_packet(), user can
delete this security policy from SPDB. And when IPSec processing will be
done, xform's callback function will do access to already freed memory.

To fix this move KEY_FREESP() into callback function. Now IPSec code will
release reference to SP after processing will be finished.

Differential Revision:	https://reviews.freebsd.org/D2324
No objections from:	#network
Sponsored by:	Yandex LLC
2015-04-27 00:55:56 +00:00
..
ah_var.h Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, 2013-07-09 10:08:13 +00:00
ah.h
esp_var.h Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, 2013-07-09 10:08:13 +00:00
esp.h
ipcomp_var.h Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, 2013-07-09 10:08:13 +00:00
ipcomp.h
ipsec6.h Remove now unused mtag argument from ipsec*_common_input_cb. 2014-12-11 17:14:49 +00:00
ipsec_input.c Change ipsec_address() and ipsec_logsastr() functions to take two 2015-04-18 16:58:33 +00:00
ipsec_mbuf.c Remove route caching support from ipsec code. It isn't used for some time. 2014-12-02 04:20:50 +00:00
ipsec_output.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
ipsec.c Change ipsec_address() and ipsec_logsastr() functions to take two 2015-04-18 16:58:33 +00:00
ipsec.h Change ipsec_address() and ipsec_logsastr() functions to take two 2015-04-18 16:58:33 +00:00
key_debug.c Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and 2014-12-24 18:34:56 +00:00
key_debug.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
key_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
key.c Fix handling of scoped IPv6 addresses in IPSec code. 2015-04-18 16:46:31 +00:00
key.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
keydb.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
keysock.c In order to reduce use of M_EXT outside of the mbuf allocator and 2015-01-06 12:59:37 +00:00
keysock.h Remove __P() macro. 2014-12-03 04:08:41 +00:00
xform_ah.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
xform_esp.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
xform_ipcomp.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
xform_tcp.c Remove route caching support from ipsec code. It isn't used for some time. 2014-12-02 04:20:50 +00:00
xform.h Remove xform_ipip.c and code related to XF_IP4. 2015-04-18 16:38:45 +00:00