Date: Thu, 1 Oct 2009 15:33:53 +0000 (UTC) From: VANHULLEBUS Yvan <vanhu@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r197674 - head/sys/netipsec Message-ID: <200910011533.n91FXron055903@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: vanhu Date: Thu Oct 1 15:33:53 2009 New Revision: 197674 URL: http://svn.freebsd.org/changeset/base/197674 Log: Changed an IPSEC_ASSERT to a simple test, as such invalid packets may come from outside without being discarded before. Submitted by: aurelien.ansel@netasq.com Reviewed by: bz (secteam) Obtained from: NETASQ MFC after: 1m Modified: head/sys/netipsec/xform_esp.c Modified: head/sys/netipsec/xform_esp.c ============================================================================== --- head/sys/netipsec/xform_esp.c Thu Oct 1 15:28:40 2009 (r197673) +++ head/sys/netipsec/xform_esp.c Thu Oct 1 15:33:53 2009 (r197674) @@ -282,9 +282,15 @@ esp_input(struct mbuf *m, struct secasva IPSEC_ASSERT(sav != NULL, ("null SA")); IPSEC_ASSERT(sav->tdb_encalgxform != NULL, ("null encoding xform")); - IPSEC_ASSERT((skip&3) == 0 && (m->m_pkthdr.len&3) == 0, - ("misaligned packet, skip %u pkt len %u", - skip, m->m_pkthdr.len)); + + /* Valid IP Packet length ? */ + if ( (skip&3) || (m->m_pkthdr.len&3) ){ + DPRINTF(("%s: misaligned packet, skip %u pkt len %u", + __func__, skip, m->m_pkthdr.len)); + V_espstat.esps_badilen++; + m_freem(m); + return EINVAL; + } /* XXX don't pullup, just copy header */ IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof (struct newesp));
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910011533.n91FXron055903>