Date: Wed, 02 Oct 2019 13:27:37 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 241010] key_dup_keymsg bcopy too much bytes Message-ID: <bug-241010-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D241010 Bug ID: 241010 Summary: key_dup_keymsg bcopy too much bytes Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: jean-francois.hren@stormshield.eu Created attachment 208030 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D208030&action= =3Dedit fix using src->sadb_key_bits In the function key_dup_keymsg() of netipsec/key.c, the parameter len is the length of the SADB extension (either SADB_EXT_KEY_AUTH or SADB_EXT_KEY_ENCR= YPT) not the length of the key. The real length used by the second malloc and the bcopy should be either (len - sizeof(struct sadb_key)) or (src->sadb_key_bi= ts >> 3). --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-241010-227>