989d921f5d
I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor. To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3]. Acknowledgment: Benedict Reuschling <bcr@> Glen Barber <gjb@> Hiroki Sato <hrs@> Li-Wen Hsu <lwhsu@> Sean Chittenden <seanc@> The FreeBSD Foundation [1] https://docs.FreeBSD.org/en/books/fdp-primer/ [2] https://gohugo.io/documentation/ [3] https://docs.asciidoctor.org/home/ Approved by: doceng, core
38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
--- sys/netipsec/xform_ah.c.orig
|
|
+++ sys/netipsec/xform_ah.c
|
|
@@ -598,6 +598,16 @@
|
|
error = EACCES;
|
|
goto bad;
|
|
}
|
|
+ if (skip + authsize + rplen > m->m_pkthdr.len) {
|
|
+ DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
|
|
+ " for packet in SA %s/%08lx\n", __func__,
|
|
+ m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
|
|
+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
|
|
+ (u_long) ntohl(sav->spi)));
|
|
+ AHSTAT_INC(ahs_badauthl);
|
|
+ error = EACCES;
|
|
+ goto bad;
|
|
+ }
|
|
AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
|
|
|
|
/* Get crypto descriptors. */
|
|
@@ -642,6 +652,9 @@
|
|
/* Zeroize the authenticator on the packet. */
|
|
m_copyback(m, skip + rplen, authsize, ipseczeroes);
|
|
|
|
+ /* Save ah_nxt, since ah pointer can become invalid after "massage" */
|
|
+ hl = ah->ah_nxt;
|
|
+
|
|
/* "Massage" the packet headers for crypto processing. */
|
|
error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family,
|
|
skip, ahx->type, 0);
|
|
@@ -664,7 +677,7 @@
|
|
|
|
/* These are passed as-is to the callback. */
|
|
xd->sav = sav;
|
|
- xd->nxt = ah->ah_nxt;
|
|
+ xd->nxt = hl;
|
|
xd->protoff = protoff;
|
|
xd->skip = skip;
|
|
xd->cryptoid = cryptoid;
|