freebsd-skq/sys/netinet
ae 5a6412a276 Fix possible use after free due to security policy deletion.
When we are passing mbuf to IPSec processing via ipsec[46]_process_packet(),
we hold one reference to security policy and release it just after return
from this function. But IPSec processing can be deffered and when we release
reference to security policy after ipsec[46]_process_packet(), user can
delete this security policy from SPDB. And when IPSec processing will be
done, xform's callback function will do access to already freed memory.

To fix this move KEY_FREESP() into callback function. Now IPSec code will
release reference to SP after processing will be finished.

Differential Revision:	https://reviews.freebsd.org/D2324
No objections from:	#network
Sponsored by:	Yandex LLC
2015-04-27 00:55:56 +00:00
..
cc DCTCP (Data Center TCP) implementation. 2015-01-12 08:33:04 +00:00
khelp The TCP PAWS fix for kernels with fast tick rates (r231767) changed the TCP 2012-08-17 01:49:51 +00:00
libalias mdoc: fix rendering issues 2015-04-26 11:39:25 +00:00
accf_data.c
accf_dns.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
accf_http.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
cc.h DCTCP (Data Center TCP) implementation. 2015-01-12 08:33:04 +00:00
icmp6.h Implement Enhanced DAD algorithm for IPv6 described in 2015-03-02 17:30:26 +00:00
icmp_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
if_atm.c The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare 2013-10-26 17:58:36 +00:00
if_atm.h
if_ether.c lla_lookup() can directly call llentry_free() for static entries 2015-03-07 18:33:08 +00:00
if_ether.h Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
igmp_var.h - Rename 'struct igmp_ifinfo' into 'struct igmp_ifsoftc', since it really 2015-02-19 22:35:23 +00:00
igmp.c Improve patch for SA-15:04.igmp to solve a potential buffer overflow. 2015-04-07 20:20:03 +00:00
igmp.h
in_cksum.c
in_debug.c
in_gif.c Extern declarations in C files loses compile-time checking that 2014-12-25 21:32:37 +00:00
in_kdtrace.c dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
in_kdtrace.h dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
in_mcast.c Fix build with KTR after r278978. 2015-02-19 15:41:23 +00:00
in_pcb.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in_pcb.h Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
in_pcbgroup.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in_proto.c Finish r274118: remove useless fields from struct domain. 2014-11-06 14:39:04 +00:00
in_rmx.c Kill custom in_matroute() radix mathing function removing one rte mutex lock. 2014-11-11 02:52:40 +00:00
in_rss.c Correctly const-ify things. 2015-03-18 04:40:36 +00:00
in_rss.h Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in_systm.h Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
in_var.h Move all code related to IP fragment reassembly to ip_reass.c. Some 2015-04-10 06:02:37 +00:00
in.c Provide functions to determine presence of a given address 2015-04-17 11:57:06 +00:00
in.h Provide functions to determine presence of a given address 2015-04-17 11:57:06 +00:00
ip6.h Eliminate use of M_EXT in IP6_EXTHDR_CHECK() by trimming a redundant 2014-10-05 06:28:53 +00:00
ip_carp.c Improve carp(4) locking: 2015-04-21 20:25:12 +00:00
ip_carp.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_divert.c Update ip_divert.ko to depend on version 3 of ipfw. 2014-10-11 16:08:54 +00:00
ip_divert.h
ip_dummynet.h ECN marking implenetation for dummynet. 2014-06-01 07:28:24 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_encap.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_fastfwd.c Remove incorrect layering violating code that: 2015-01-12 09:41:12 +00:00
ip_fw.h Fix `ipfw fwd tablearg'. Use dedicated field nh4 in struct table_value 2015-03-13 09:03:25 +00:00
ip_gre.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip_icmp.c Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
ip_icmp.h Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
ip_id.c Provide a comment explaining issues with the counter(9) trick, so that 2015-04-02 14:22:59 +00:00
ip_input.c Attempt to fix build after 281351 by defining full prototype for the 2015-04-11 01:06:59 +00:00
ip_ipsec.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
ip_ipsec.h Remove flag/flags argument from the following functions: 2014-12-11 18:35:34 +00:00
ip_mroute.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip_mroute.h
ip_options.c Use M_WRITABLE() and M_LEADINGSPACE() rather than checking M_EXT and 2015-01-06 14:32:28 +00:00
ip_options.h Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and 2014-09-15 07:20:40 +00:00
ip_output.c Extend fixes made in r278103 and r38754 by copying the complete packet 2015-04-02 15:47:37 +00:00
ip_reass.c Fix RSS build - netisr input / NETISR_IP_DIRECT is used here. 2015-04-15 00:57:21 +00:00
ip_var.h o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
ip.h Change struct attribute to avoid aligned operations mismatch 2015-02-24 12:57:03 +00:00
pim_var.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
pim.h
raw_ip.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
sctp_asconf.c Add protection code to free memory in case of processing an address which 2015-01-18 20:53:20 +00:00
sctp_asconf.h
sctp_auth.c Make sure that we don't free an SCTP shared key too early. 2015-03-25 22:45:54 +00:00
sctp_auth.h Use a consistent type for the number of HMAC algorithms. 2014-09-16 14:20:33 +00:00
sctp_bsd_addr.c Minimize the usage of SCTP_BUF_IS_EXTENDED. 2015-01-10 20:49:57 +00:00
sctp_bsd_addr.h
sctp_cc_functions.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_constants.h Fix the handling of sysctl variables when used with VIMAGE. 2014-09-06 19:12:14 +00:00
sctp_crc32.c
sctp_crc32.h
sctp_dtrace_declare.h - For kernel compiled only with KDTRACE_HOOKS and not any lock debugging 2013-11-25 07:38:45 +00:00
sctp_dtrace_define.h dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
sctp_header.h Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a 2014-10-16 15:36:04 +00:00
sctp_indata.c Don't panic under INVARIANTS when receiving a SACK which cumacks 2015-04-26 21:47:15 +00:00
sctp_indata.h
sctp_input.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_input.h Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a 2014-10-16 15:36:04 +00:00
sctp_lock_bsd.h
sctp_os_bsd.h Update a comment to get it aligned with the code change. 2015-03-11 15:40:29 +00:00
sctp_os.h
sctp_output.c o Use new function ip_fillid() in all places throughout the kernel, 2015-04-01 22:26:39 +00:00
sctp_output.h Ensure that the list of streams sent in a stream reset parameter fits 2014-10-08 15:30:59 +00:00
sctp_pcb.c Fix two bugs which resulted in a screwed up end point list: 2015-03-24 21:12:45 +00:00
sctp_pcb.h Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_peeloff.c Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctp_peeloff.h
sctp_ss_functions.c
sctp_structs.h Improve the selection of the destination address of SACK chunks. 2015-03-26 22:05:31 +00:00
sctp_syscalls.c Replace struct filedesc argument in getsock_cap with struct thread 2015-04-11 16:00:33 +00:00
sctp_sysctl.c Remove comparisons which are not necessary. 2015-01-20 19:08:55 +00:00
sctp_sysctl.h Fix the handling of sysctl variables when used with VIMAGE. 2014-09-06 19:12:14 +00:00
sctp_timer.c Fix a typo. 2015-03-10 09:16:31 +00:00
sctp_timer.h
sctp_uio.h Add support for the SCTP_PR_STREAM_STATUS and SCTP_PR_ASSOC_STATUS 2014-08-13 15:50:16 +00:00
sctp_usrreq.c Use the reference count of the right SCTP inp. 2015-03-25 21:41:20 +00:00
sctp_var.h Do the renaming of sb_cc to sb_ccc in a way with less code changes by 2014-12-02 20:29:29 +00:00
sctp.h Add a SCTP socket option to limit the cwnd for each path. 2015-03-10 19:49:25 +00:00
sctputil.c Fix an accounting bug related to the per stream chunk counter. 2015-03-24 14:51:46 +00:00
sctputil.h Minimize the usage of SCTP_BUF_IS_EXTENDED. 2015-01-10 20:49:57 +00:00
siftr.c The addition of flowid and flowtype in r280233 and r280237 respectively forgot 2015-03-24 15:08:43 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c Go back to using sbuf_new() with a preallocated large buffer, to avoid 2015-03-14 23:57:33 +00:00
tcp_hostcache.h Add scope zone id to the in_endpoints and hc_metrics structures. 2014-09-10 16:26:18 +00:00
tcp_input.c DCTCP (Data Center TCP) implementation. 2015-01-12 08:33:04 +00:00
tcp_lro.c Merge r254336 from user/np/cxl_tuning. 2013-08-28 23:00:34 +00:00
tcp_lro.h Merge r254336 from user/np/cxl_tuning. 2013-08-28 23:00:34 +00:00
tcp_offload.c The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare 2013-10-26 17:58:36 +00:00
tcp_offload.h
tcp_output.c To ease changes to underlying mbuf structure and the mbuf allocator, reduce 2015-01-05 09:58:32 +00:00
tcp_reass.c Merge from projects/sendfile: extend protocols API to support 2014-11-30 13:24:21 +00:00
tcp_sack.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_seq.h
tcp_subr.c Fix possible reference leak. 2015-04-24 21:05:29 +00:00
tcp_syncache.c Make syncookie_mac() use 'tcp_seq irs' in computing hash. 2015-01-30 17:29:07 +00:00
tcp_syncache.h Introduce spares in the TCP syncache and timewait structures 2013-09-21 10:01:51 +00:00
tcp_timer.c Fix an old and well-documented use-after-free race condition in 2015-04-16 10:00:06 +00:00
tcp_timer.h Fix an old and well-documented use-after-free race condition in 2015-04-16 10:00:06 +00:00
tcp_timewait.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_usrreq.c In TCP, connect() can return incorrect error code EINVAL 2015-03-09 20:29:16 +00:00
tcp_var.h Fix an old and well-documented use-after-free race condition in 2015-04-16 10:00:06 +00:00
tcp.h
tcpip.h
toecore.c Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
toecore.h
udp_usrreq.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
udp_var.h Add context pointer and source address to the UDP tunnel callback 2014-10-10 06:08:59 +00:00
udp.h
udplite.h Add support for UDP-Lite protocol (RFC 3828) to IPv4 and IPv6 stacks. 2014-04-07 01:53:03 +00:00