upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-04 17:05:14 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netipsec
History
Andrey V. Elsukov e54647920b Make user supplied data checks a bit stricter. 
key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here
	http://www.kame.net/newsletter/20021210/

and our libipsec is usually used to create the correct request.
Add additional checks:
* that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
* that src/dst's sa_len is the same
* that 2*sa_len is not out of bounds of user supplied buffer
* that 2*sa_len fits into bounds of sadb_x_ipsecrequest

Reported by:	Ilja van Sprundel
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D11796
2017-08-09 19:58:38 +00:00
..
ah.h
ah_var.h
esp.h Summary: Remove spurious, extra, next header comments. 2015-05-15 18:04:49 +00:00
esp_var.h
ipcomp.h
ipcomp_var.h
ipsec.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec.h Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec6.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec_input.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_mbuf.c Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ipsec_mod.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
ipsec_output.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_pcb.c Fix SP refcount leak. 2017-04-26 00:34:05 +00:00
ipsec_support.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
key.c Make user supplied data checks a bit stricter. 2017-08-09 19:58:38 +00:00
key.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
key_debug.c Build kdebug_secreplay() function only when IPSEC_DEBUG is defined. 2017-06-01 10:04:12 +00:00
key_debug.h Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
key_var.h
keydb.h GC some unused declarations. 2017-04-03 04:44:56 +00:00
keysock.c Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
keysock.h
subr_ipsec.c Fix LINT build for powerpc. 2017-02-16 11:38:50 +00:00
udpencap.c For translated packets do not adjust UDP checksum if it is zero. 2017-02-18 19:53:37 +00:00
xform.h Merge projects/ipsec into head/. 2017-02-06 08:49:57 +00:00
xform_ah.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_esp.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_ipcomp.c Disable IPsec debugging code by default when IPSEC_DEBUG kernel option 2017-05-29 09:30:38 +00:00
xform_tcp.c Move tcp_fields_to_net() static inline into tcp_var.h, just below its 2017-02-10 17:46:26 +00:00