From owner-freebsd-security@freebsd.org  Wed Mar  7 11:35:08 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9A91F47F15
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed,  7 Mar 2018 11:35:07 +0000 (UTC)
 (envelope-from cmt@burggraben.net)
Received: from smtp.burggraben.net (smtp.burggraben.net
 [IPv6:2a01:4f8:140:50a2::3:1])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "ns.exwg.net", Issuer "Christoph Moench-Tegeder" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 6023C6E151
 for <freebsd-security@freebsd.org>; Wed,  7 Mar 2018 11:35:07 +0000 (UTC)
 (envelope-from cmt@burggraben.net)
Received: from localhost (localhost [127.0.0.1])
 by smtp.burggraben.net (Postfix) with ESMTP id CD0976002F1
 for <freebsd-security@freebsd.org>; Wed,  7 Mar 2018 12:35:05 +0100 (CET)
X-Spam-Scanned: by amavisd-new at exwg.net
Received: from smtp.burggraben.net ([127.0.0.1])
 by localhost (ns.burggraben.net [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 48fVdjp7vNaz for <freebsd-security@freebsd.org>;
 Wed,  7 Mar 2018 12:35:00 +0100 (CET)
Received: from elch.exwg.net (elch.exwg.net
 [IPv6:2001:470:7120:1:127b:44ff:fe4f:148d])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "elch.exwg.net", Issuer "Christoph Moench-Tegeder" (verified OK))
 by smtp.burggraben.net (Postfix) with ESMTPS
 for <freebsd-security@freebsd.org>; Wed,  7 Mar 2018 12:35:00 +0100 (CET)
Received: by elch.exwg.net (Postfix, from userid 1000)
 id 5D58127325; Wed,  7 Mar 2018 12:35:00 +0100 (CET)
Date: Wed, 7 Mar 2018 12:35:00 +0100
From: Christoph Moench-Tegeder <cmt@burggraben.net>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec
Message-ID: <20180307113500.GA50696@elch.exwg.net>
References: <20180307070938.D70A94469@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="ew6BAiZeqk4r7MaW"
Content-Disposition: inline
In-Reply-To: <20180307070938.D70A94469@freefall.freebsd.org>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 11:35:08 -0000


--ew6BAiZeqk4r7MaW
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

the committed patch for FreeBSD 10.4 and 10.3 does not compile:

/usr/src/sys/netipsec/xform_ah.c:622:43: error: use of undeclared identifier
      'buf'
                    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
                                                        ^
/usr/src/sys/netipsec/ipsec.h:323:51: note: expanded from macro 'DPRINTF'
#define DPRINTF(x)      do { if (V_ipsec_debug) printf x; } while (0)
                                                       ^
/usr/src/sys/netipsec/xform_ah.c:625:3: error: use of undeclared identifier
      'error'
                error =3D EACCES;
                ^
/usr/src/sys/netipsec/xform_ah.c:626:8: error: use of undeclared label 'bad'
                goto bad;
                     ^
3 errors generated.
*** Error code 1


Looking at the code, the compiler is right - things have shifted here
in between FreeBSD 10 and 11, and what's working in 11 is not good for 10...
I guess we need this additional patch:

--- sys/netipsec/xform_ah.c.orig	2018-03-07 12:27:58.645874000 +0100
+++ sys/netipsec/xform_ah.c	2018-03-07 12:28:47.584073000 +0100
@@ -619,11 +619,10 @@
 		DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
 		    " for packet in SA %s/%08lx\n", __func__,
 		    m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
-		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
+		    ipsec_address(&sav->sah->saidx.dst),
 		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_badauthl);
-		error =3D EACCES;
-		goto bad;
+		return EACCES;
 	}
 	AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
=20

But you'd better re-check, I don't know the code here - I'm just making
stuff compile :)

Further, neither this (SA-18:01) nor SA-18:02's nor the Errata Note's
(EN-18:01, EN-18:02) do show up in the given location:
https://www.freebsd.org/security/patches/SA-18%3A01/ (and the other
directories) only have the GPG signatures, but not the patches itself.

Regards,
Christoph

--=20
Spare Space

--ew6BAiZeqk4r7MaW
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEoJWHwgBcrz+o94uKXDrR55w48RIFAlqfzl8ACgkQXDrR55w4
8RLQxAf/UI0BQXSvNHQQdTPgQVOQf674QoUMnzXFLS08H9yTD7gjRgAHO8Nrozvk
EJuKBT5FtCv+T27C2wm+amzm55LKBGAaWEMoPU4ZLnRIkaMvOkohRtIHsF/0xiIq
N+Y8FnnPor34b+5wjx0wNqCQC/mwFDcTQiwwC8TdUeIYBYIFBj8ikxwMZTePg0LH
bBqFDI7ueDJLmhzJ6qm7Xxz5TySBA0Orno9nmHcFf1S02Ene+fAAQxP+dsf4rcE2
ZNNbZxj3BN+qt2TSlyemXn1Nkk9TEOrpDhGWsXkYAjUnsKvaGJF2/zym5Po43yDJ
J/RMBHcMjA1X5EbRMKW1oXh28Fn39w==
=bat7
-----END PGP SIGNATURE-----

--ew6BAiZeqk4r7MaW--