Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 9 Apr 2011 11:03:04 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        cvs-src-old@freebsd.org
Subject:   cvs commit: src/sys/netinet6 ipcomp_input.c src/sys/netipsec xform_ipcomp.c
Message-ID:  <201104091103.p39B3Wku048437@repoman.freebsd.org>
index | next in thread | raw e-mail 

bz          2011-04-09 11:03:04 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/netinet6         ipcomp_input.c 
    sys/netipsec         xform_ipcomp.c 
  Log:
  SVN rev 220485 on 2011-04-09 11:03:04Z by bz
  
  MFC r220247:
  
    Do not allow directly recursive RFC3173 IPComp payload.
  
    While IPv6 does count iterations over next headers in ip6_input,
    we still disallow directly recursive IPComp payload in the KAME code.
  
  Security:       CVE-2011-1547
  
  Revision  Changes    Path
  1.8.2.2   +26 -1     src/sys/netinet6/ipcomp_input.c
  1.8.2.8   +21 -0     src/sys/netipsec/xform_ipcomp.c
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201104091103.p39B3Wku048437>