mirror of https://git.FreeBSD.org/src.git synced 2024-12-26 11:47:31 +00:00

pfkey: Fix some checks in kdebug_sadb()

Besides lacking a sufficient check that the length of a parsed message
does not exceed the actual allocated buffer, kdebug_sadb() incorrectly
compares ext->sadb_ext_len, the extension payload size in 8-byte chunks,
with tlen, which is the full message payload size in bytes.

This should compare PFKEY_UNUNIT64(ext->sadb_ext_len) with tlen instead.

PR:		277456
MFC after:	2 weeks
Tobias Heider 2024-12-04 01:13:41 +00:00 committed by Mark Johnston
parent 3d642b0f71
commit 0dab21248b


@ -191,11 +191,12 @@ kdebug_sadb(struct sadb_msg *base)
ext->sadb_ext_len, ext->sadb_ext_type,
kdebug_sadb_exttype(ext->sadb_ext_type));
if (ext->sadb_ext_len == 0) {
extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
if (extlen == 0) {
printf("%s: invalid ext_len=0 was passed.\n", __func__);
return;
}
if (ext->sadb_ext_len > tlen) {
if (extlen > tlen) {
printf("%s: ext_len too big (%u > %u).\n",
__func__, ext->sadb_ext_len, tlen);
return;
@ -262,7 +263,6 @@ kdebug_sadb(struct sadb_msg *base)
return;
}
extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
tlen -= extlen;
ext = (struct sadb_ext *)((caddr_t)ext + extlen);
}
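Review bot: The "ext_len too big" diagnostic in the first hunk still prints `ext->sadb_ext_len` (8-byte units) next to `tlen` (bytes), although the comparison now uses `extlen`. A rejected extension can therefore log a pair that does not look like a violation, for example (constructed) "(3 > 16)" when extlen is 24. Print the value that was compared, `__func__, extlen, tlen);`, with the conversion specifier matched to the declared type of `extlen`, which is outside the hunk. Separately, `ext->sadb_ext_len` and `ext->sadb_ext_type` are read at the top of the hunk before any visible check that `tlen` still covers a full extension header. If the loop condition outside the hunk only tests `tlen > 0`, a guard such as `if (tlen < (int)sizeof(struct sadb_ext)) return;` before the first field access would close that gap. The body of kdebug_sadb() starts and ends outside both hunks, so this should be confirmed against the full function.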