Date: Sun, 03 Mar 2024 16:30:20 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 277456] netipsec: kdebug_sadb invalid length check for sadb_ext_len Message-ID: <bug-277456-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277456 Bug ID: 277456 Summary: netipsec: kdebug_sadb invalid length check for sadb_ext_len Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: me@tobhe.de Created attachment 248900 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248900&action=edit Patch Besides not doing any sufficient check that the length of a parsed message is not bigger than the actual allocated buffer, kdebug_sadb() incorrectly compares ext->sadb_ext_len, the extension payload size in 8 byte chunks, with tlen, which is the full message payload size in bytes. This should compare PFKEY_UNUNIT64(ext->sadb_ext_len) with tlen instead. fix attached. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277456-227>