d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/sys/netipsec
History
Mark Johnston 10eb2a2bde ipsec: Validate the protocol identifier in ipsec4_ctlinput() 
key_allocsa() expects to handle only IPSec protocols and has an
assertion to this effect.  However, ipsec4_ctlinput() has to handle
messages from ICMP unreachable packets and was not validating the
protocol number.  In practice such a packet would simply fail to match
any SADB entries and would thus be ignored.

Reported by:	syzbot+6a9ef6fcfadb9f3877fe@syzkaller.appspotmail.com
Reviewed by:	ae
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31890
2021-09-10 09:09:00 -04:00
..
ah_var.h
ah.h
esp_var.h
esp.h
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h
ipsec: Handle ICMP NEEDFRAG message.
2021-08-09 12:01:46 +02:00
ipsec_input.c
ipsec: Validate the protocol identifier in ipsec4_ctlinput()
2021-09-10 09:09:00 -04:00
ipsec_mbuf.c
Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>.
2020-05-29 19:22:40 +00:00
ipsec_mod.c
ipsec: Handle ICMP NEEDFRAG message.
2021-08-09 12:01:46 +02:00
ipsec_output.c
ipsec: Return error code if no matching SA was found
2021-08-13 09:35:08 +02:00
ipsec_pcb.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
ipsec_support.h
ipsec: Handle ICMP NEEDFRAG message.
2021-08-09 12:01:46 +02:00
ipsec.c
ipsec: Check PMTU before sending a frame.
2021-08-13 09:22:24 +02:00
ipsec.h
ipsec: Check PMTU before sending a frame.
2021-08-13 09:22:24 +02:00
key_debug.c
Implement anti-replay algorithm with ESN support
2020-10-16 11:24:12 +00:00
key_debug.h
key_var.h
key.c
ipsec: fix race condition in key.c
2021-08-13 12:52:38 +02:00
key.h
keydb.h
netipsec/keydb.h: fix typo
2021-08-10 03:45:36 +03:00
keysock.c
socket: Implement SO_RERROR
2021-07-28 09:35:09 -07:00
keysock.h
subr_ipsec.c
ipsec: Handle ICMP NEEDFRAG message.
2021-08-09 12:01:46 +02:00
udpencap.c
net: clean up empty lines in .c and .h files
2020-09-01 21:19:14 +00:00
xform_ah.c
opencrypto: Introduce crypto_dispatch_async()
2021-02-08 09:19:19 -05:00
xform_esp.c
opencrypto: Introduce crypto_dispatch_async()
2021-02-08 09:19:19 -05:00
xform_ipcomp.c
Simplify IPsec transform-specific teardown.
2020-06-25 23:59:16 +00:00
xform_tcp.c
Simplify IPsec transform-specific teardown.
2020-06-25 23:59:16 +00:00
xform.h
Simplify IPsec transform-specific teardown.
2020-06-25 23:59:16 +00:00