Date: Wed, 06 Oct 2021 20:08:50 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 258970] Excessive packet validation added into rev.360967 in sys/libalias breaks handling of fragmented [UDP] packets
Message-ID: <bug-258970-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258970

            Bug ID: 258970
           Summary: Excessive packet validation added into rev.360967 in
                    sys/libalias breaks handling of fragmented [UDP] packets
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: sobomax@FreeBSD.org

The extra validation added to fix some security issues in the following change
broke handling of the fragmented UDP packets. I've only tested it with UDP but
it might also affect TCP and ICMP as well.

----
Author: emaste
Date: Tue May 12 16:33:04 2020
New Revision: 360967
URL: https://svnweb.freebsd.org/changeset/base/360967

Log:
  libalias: validate packet lengths before accessing headers

  admbugs:      956
  Submitted by: ae
  Reported by:  Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative
  Reported by:  Vishnu working with Trend Micro Zero Day Initiative
  Security:     FreeBSD-SA-20:12.libalias

Modified:
  head/sys/netinet/libalias/alias.c
----

As a result, ng_nat (in our case) passes fragmented [UDP] packets unaliased,
both first fragment and any subsequent ones. This would also affect other users
of sys/libalias, not just ng_nat.

-- 
You are receiving this mail because:
You are the assignee for the bug.
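
The report does not show the r360967 code, so the following is an added C example, not libalias code and not part of the original message. It assumes the kind of check at issue compares the UDP length field against the packet's own payload, and shows a length validation that stays strict for whole datagrams while still recognising fragments; `udp_len_check`, `make_pkt` and the verdict names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PKT_DROP, PKT_FULL, PKT_FIRST_FRAG, PKT_LATER_FRAG };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: classify an IPv4/UDP packet held in buf[0..caplen). */
enum verdict udp_len_check(const uint8_t *buf, size_t caplen)
{
    if (caplen < 20 || (buf[0] >> 4) != 4) return PKT_DROP;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    size_t tot = rd16(buf + 2);
    if (hlen < 20 || tot < hlen || tot > caplen || buf[9] != 17) return PKT_DROP;
    uint16_t frag = rd16(buf + 6);
    size_t plen = tot - hlen;
    /* Offset != 0: payload is mid-datagram data, there is no UDP header to read. */
    if ((frag & 0x1fff) != 0) return PKT_LATER_FRAG;
    if (plen < 8) return PKT_DROP;               /* UDP header must fit */
    size_t ulen = rd16(buf + hlen + 4);
    if (ulen < 8) return PKT_DROP;
    /* MF set: the UDP length covers the whole datagram, not this fragment,
     * so it cannot be compared against this packet's payload length. */
    if (frag & 0x2000) return PKT_FIRST_FRAG;
    return ulen <= plen ? PKT_FULL : PKT_DROP;   /* strict check only when whole */
}

/* Constructed sample packet: 20-byte IPv4 header, zeroed payload. */
void make_pkt(uint8_t *buf, uint16_t tot, uint16_t frag, uint16_t ulen)
{
    memset(buf, 0, tot);
    buf[0] = 0x45; buf[8] = 64; buf[9] = 17;
    buf[2] = tot >> 8;  buf[3] = tot & 0xff;
    buf[6] = frag >> 8; buf[7] = frag & 0xff;
    buf[24] = ulen >> 8; buf[25] = ulen & 0xff;  /* UDP length field */
}

int main(void)
{
    uint8_t pkt[1500];
    make_pkt(pkt, 1500, 0x2000, 3008);           /* first fragment of a 3008-byte datagram */
    printf("first fragment: %d\n", udp_len_check(pkt, sizeof pkt));
    make_pkt(pkt, 1500, 185, 0);                 /* offset 185*8 = 1480 */
    printf("later fragment: %d\n", udp_len_check(pkt, sizeof pkt));
    return 0;
}
```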