freebsd-skq/sys/netipsec
Mark Johnston f161d294b9 Add missing sockaddr length and family validation to various protocols
Several protocol methods take a sockaddr as input.  In some cases the
sockaddr lengths were not being validated, or were validated after some
out-of-bounds accesses could occur.  Add requisite checking to various
protocol entry points, and convert some existing checks to assertions
where appropriate.

Reported by:	syzkaller+KASAN
Reviewed by:	tuexen, melifaro
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29519
2021-05-03 13:35:19 -04:00
..
ah_var.h
ah.h
esp_var.h
esp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h
ipsec_input.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_mbuf.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
ipsec_mod.c
ipsec_output.c Convert unmapped mbufs before computing checksums in IPsec. 2021-01-19 11:52:00 -08:00
ipsec_pcb.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_support.h
ipsec.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec.h Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.h
key_var.h
key.c Trigger soft lifetime expiration on sequence number 2020-10-16 11:27:01 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
keysock.c Add missing sockaddr length and family validation to various protocols 2021-05-03 13:35:19 -04:00
keysock.h
subr_ipsec.c
udpencap.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
xform_ah.c opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
xform_esp.c opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
xform_ipcomp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_tcp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform.h Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00