freebsd-nq/sys/netipsec
Andrey V. Elsukov 055679e67e Adopt revision 1.76 and 1.77 from NetBSD:
Fix a vulnerability in IPsec-IPv6-AH, that allows an attacker to remotely
  crash the kernel with a single packet.

  In this loop we need to increment 'ad' by two, because the length field
  of the option header does not count the size of the option header itself.

  If the length is zero, then 'count' is incremented by zero, and there's
  an infinite loop. Beyond that, this code was written with the assumption
  that since the IPv6 packet already went through the generic IPv6 option
  parser, several fields are guaranteed to be valid; but this assumption
  does not hold because of the missing '+2', and there's as a result a
  triggerable buffer overflow (write zeros after the end of the mbuf,
  potentially to the next mbuf in memory since it's a pool).

  Add the missing '+2', this place will be reinforced in separate commits.

Reported by:	Maxime Villard <maxv at NetBSD.org>
MFC after:	1 week
2018-01-24 19:48:25 +00:00
..
ah_var.h
ah.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
esp_var.h
esp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec_input.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_mbuf.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ipsec_mod.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec_output.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ipsec_pcb.c Fix SP refcount leak. 2017-04-26 00:34:05 +00:00
ipsec_support.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_debug.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_debug.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key.c Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
key.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
keydb.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
keysock.c sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
keysock.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
subr_ipsec.c Fix LINT build for powerpc. 2017-02-16 11:38:50 +00:00
udpencap.c Fix possible double releasing for SA reference. 2017-09-01 11:51:07 +00:00
xform_ah.c Adopt revision 1.76 and 1.77 from NetBSD: 2018-01-24 19:48:25 +00:00
xform_esp.c Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
xform_ipcomp.c Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
xform_tcp.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
xform.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00