d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9ecab3344c
freebsd-skq/sys
History
ae 9ecab3344c Adopt revision 1.76 and 1.77 from NetBSD: 
Fix a vulnerability in IPsec-IPv6-AH, that allows an attacker to remotely
  crash the kernel with a single packet.

  In this loop we need to increment 'ad' by two, because the length field
  of the option header does not count the size of the option header itself.

  If the length is zero, then 'count' is incremented by zero, and there's
  an infinite loop. Beyond that, this code was written with the assumption
  that since the IPv6 packet already went through the generic IPv6 option
  parser, several fields are guaranteed to be valid; but this assumption
  does not hold because of the missing '+2', and there's as a result a
  triggerable buffer overflow (write zeros after the end of the mbuf,
  potentially to the next mbuf in memory since it's a pool).

  Add the missing '+2', this place will be reinforced in separate commits.

Reported by:	Maxime Villard <maxv at NetBSD.org>
MFC after:	1 week
2018-01-24 19:48:25 +00:00
..
amd64 Add SPDX identifiers to linux_ptrace.c and cfumass.c. 2018-01-24 17:04:01 +00:00
arm Make the trivial imx_soc_family() function an inline in imx_machdep.h. 2018-01-24 18:10:11 +00:00
arm64 Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
bsm sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
cam This comment is bogus. This is a legit release. 2018-01-22 17:47:49 +00:00
cddl MFV r328253: 8835 Speculative prefetch in ZFS not working for misaligned reads 2018-01-22 05:57:14 +00:00
compat Properly implement the "id" callback argument in the "idr_for_each" function 2018-01-24 13:37:07 +00:00
conf Convert extres/phy to kobj model. 2018-01-20 17:02:17 +00:00
contrib libnv: Use mallocarray(9) for the nv_calloc. 2018-01-19 14:50:53 +00:00
crypto Add ccp(4): experimental driver for AMD Crypto Co-Processor 2018-01-18 22:01:30 +00:00
ddb Implement 'domainset', a cpuset based NUMA policy mechanism. This allows 2018-01-12 22:48:23 +00:00
dev Add SPDX identifiers to linux_ptrace.c and cfumass.c. 2018-01-24 17:04:01 +00:00
dts Add a skeleton Clock Manager for RPi2/3, and use that from pwm 2018-01-22 07:10:30 +00:00
fs ext2fs|ufs:Unsign some values related to allocation. 2018-01-24 17:58:48 +00:00
gdb sys/gdb: further adoption of SPDX licensing ID tags. 2017-11-27 15:16:59 +00:00
geom Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
gnu Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
i386 Use BSD-2-Clause-FreeBSD license on linux_support.s 2018-01-23 20:35:43 +00:00
isa On further testing on actual machines with this hardware, we should 2017-12-30 08:16:31 +00:00
kern malloc(9): Change nominal size to size_t to match standard C 2018-01-24 19:37:18 +00:00
kgssapi sys/kgssapi: general adoption of SPDX licensing ID tags. 2017-11-27 15:49:00 +00:00
libkern SPDX: fix wrong license ID tag in libkern. 2017-12-28 01:20:30 +00:00
mips Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
modules Forgot to add the skeleton BCM283x Clock Manager 2018-01-22 08:33:59 +00:00
net Added missing CTLFLAG_VNET to lacp default_strict_mode 2018-01-24 10:13:14 +00:00
net80211 net80211: sanitize input for ieee80211_output() 2017-12-30 00:40:34 +00:00
netgraph Revert r327828, r327949, r327953, r328016-r328026, r328041: 2018-01-21 15:42:36 +00:00
netinet Do not generate illegal mbuf chains during IP fragment reassembly. Only 2018-01-24 05:09:21 +00:00
netinet6 Do not generate illegal mbuf chains during IP fragment reassembly. Only 2018-01-24 05:09:21 +00:00
netipsec Adopt revision 1.76 and 1.77 from NetBSD: 2018-01-24 19:48:25 +00:00
netpfil When IPv6 packet is handled by O_REJECT opcode, convert ICMP code 2018-01-24 12:40:28 +00:00
netsmb Unsign some values related to allocation. 2018-01-22 02:08:10 +00:00
nfs Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
nfsclient sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
nfsserver sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
nlm Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
ofed sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
opencrypto Split crp_buf into a union. 2018-01-16 19:41:18 +00:00
powerpc PPC: Add KASSERT in intrcnt_add which checks for buffer overflow 2018-01-24 12:01:32 +00:00
riscv Remove SFBUF_OPTIONAL_DIRECT_MAP and such hacks, replacing them across the 2018-01-19 17:46:31 +00:00
rpc Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
security Do pass removing some write-only variables from the kernel. 2017-12-25 04:48:39 +00:00
sparc64 Remove SFBUF_OPTIONAL_DIRECT_MAP and such hacks, replacing them across the 2018-01-19 17:46:31 +00:00
sys malloc(9): Change nominal size to size_t to match standard C 2018-01-24 19:37:18 +00:00
teken sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
tests
tools embed_mfs: correctly test grep return value 2018-01-03 19:22:10 +00:00
ufs ext2fs|ufs:Unsign some values related to allocation. 2018-01-24 17:58:48 +00:00
vm Assign map->header values to avoid boundary checks. 2018-01-20 12:19:02 +00:00
x86 Unsign some values related to allocation. 2018-01-22 02:08:10 +00:00
xdr sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
xen sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
Makefile Move sys/boot to stand. Fix all references to new location 2017-11-14 23:02:19 +00:00