upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-28 01:28:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netipsec
History
Mark Johnston 1e066db6cd Add missing sockaddr length and family validation to various protocols 
Several protocol methods take a sockaddr as input.  In some cases the
sockaddr lengths were not being validated, or were validated after some
out-of-bounds accesses could occur.  Add requisite checking to various
protocol entry points, and convert some existing checks to assertions
where appropriate.

Reported by:	syzkaller+KASAN
Reviewed by:	tuexen, melifaro
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29519

(cherry picked from commit f161d294b9)
2021-05-17 13:43:07 -04:00
..
ah.h
ah_var.h
esp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
esp_var.h
ipcomp.h
ipcomp_var.h
ipsec.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec.h Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec6.h
ipsec_input.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_mbuf.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
ipsec_mod.c
ipsec_output.c Convert unmapped mbufs before computing checksums in IPsec. 2021-01-19 11:52:00 -08:00
ipsec_pcb.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_support.h
key.c Trigger soft lifetime expiration on sequence number 2020-10-16 11:27:01 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
key_debug.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.h
key_var.h
keydb.h Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
keysock.c Add missing sockaddr length and family validation to various protocols 2021-05-17 13:43:07 -04:00
keysock.h
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
xform.h Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_ah.c Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
xform_esp.c Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
xform_ipcomp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_tcp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00