freebsd-skq/sys/netipsec
Mark Johnston f161d294b9 Add missing sockaddr length and family validation to various protocols
Several protocol methods take a sockaddr as input.  In some cases the
sockaddr lengths were not being validated, or were validated after some
out-of-bounds accesses could occur.  Add requisite checking to various
protocol entry points, and convert some existing checks to assertions
where appropriate.

Reported by:	syzkaller+KASAN
Reviewed by:	tuexen, melifaro
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29519
2021-05-03 13:35:19 -04:00
..
ah_var.h
ah.h
esp_var.h
esp.h
ipcomp_var.h
ipcomp.h
ipsec6.h
ipsec_input.c
ipsec_mbuf.c
ipsec_mod.c
ipsec_output.c Convert unmapped mbufs before computing checksums in IPsec. 2021-01-19 11:52:00 -08:00
ipsec_pcb.c
ipsec_support.h
ipsec.c
ipsec.h
key_debug.c
key_debug.h
key_var.h
key.c Trigger soft lifetime expiration on sequence number 2020-10-16 11:27:01 +00:00
key.h
keydb.h
keysock.c Add missing sockaddr length and family validation to various protocols 2021-05-03 13:35:19 -04:00
keysock.h
subr_ipsec.c
udpencap.c
xform_ah.c opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
xform_esp.c opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
xform_ipcomp.c
xform_tcp.c
xform.h