Date:      Thu, 03 Oct 2019 09:58:24 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes
Message-ID:  <bug-241010-7501-ZQQ7OnAfQ3@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-241010-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-241010-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010

--- Comment #2 from Andrey V. Elsukov <ae@FreeBSD.org> ---
In general your approach looks correct, but I think you need to validate that
the bits field will not lead to out-of-bounds access before trusting the user's
data and doing the bcopy.
Also, since this field was not checked properly in the past, it is possible
that some IKE software doesn't fill it properly, and such a change can break
some installations.

-- 
You are receiving this mail because:
You are the assignee for the bug.
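
Added example (not part of the bug report or the FreeBSD source): one way to do the check the comment asks for, confirming that the sender-supplied bits field fits inside the key extension before any copy is made. The struct mirrors the RFC 2367 `sadb_key` layout; `ex_sadb_key`, `copy_key_checked`, `try_sample` and the `KEY_E*` codes are hypothetical names, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key extension header laid out as in RFC 2367 (PF_KEYv2); redeclared under
 * a hypothetical name so the example builds outside the kernel. */
struct ex_sadb_key {
    uint16_t len;       /* extension length in 64-bit words, header included */
    uint16_t exttype;
    uint16_t bits;      /* key length in bits, as claimed by the sender */
    uint16_t reserved;
};
enum { KEY_ETRUNC = -1, KEY_EBITS = -2, KEY_ENOSPC = -3 };

/* Copy the key bytes that follow the header; returns bytes copied or KEY_E*. */
static int
copy_key_checked(const uint8_t *buf, size_t buflen, uint8_t *dst, size_t dstlen)
{
    struct ex_sadb_key h;
    size_t extlen, avail, need;
    if (buflen < sizeof(h))
        return (KEY_ETRUNC);
    memcpy(&h, buf, sizeof(h));         /* buf may be unaligned */
    extlen = (size_t)h.len * 8;         /* words -> bytes */
    if (extlen < sizeof(h) || extlen > buflen)
        return (KEY_ETRUNC);
    avail = extlen - sizeof(h);         /* key bytes actually present */
    need = ((size_t)h.bits + 7) / 8;    /* key bytes the bits field claims */
    if (need > avail)
        return (KEY_EBITS);             /* copy would run past the extension */
    if (need > dstlen)
        return (KEY_ENOSPC);
    memcpy(dst, buf + sizeof(h), need);
    return ((int)need);
}

/* Constructed sample: a 24-byte buffer whose header claims words/bits. */
static int try_sample(uint16_t words, uint16_t bits)
{
    uint8_t msg[24] = { 0 }, out[16];
    struct ex_sadb_key h = { words, 0, bits, 0 };
    memcpy(msg, &h, sizeof(h));
    return (copy_key_checked(msg, sizeof(msg), out, sizeof(out)));
}

int main(void)
{
    printf("%d %d %d\n", try_sample(3, 128), try_sample(3, 256), try_sample(3, 0));
    return (0);
}
```

In this sketch a header that leaves bits at 0 passes the bounds check but yields a zero-length key, which is one way a sender that never filled in the field could stop working once the field is trusted.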