[Bug 277456] netipsec: kdebug_sadb invalid length check for sadb_ext_len

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277456] netipsec: kdebug_sadb invalid length check for sadb_ext_len"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277456] netipsec: kdebug_sadb invalid length check for sadb_ext_len"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 03 Mar 2024 16:30:20 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277456

            Bug ID: 277456
           Summary: netipsec: kdebug_sadb invalid length check for
                    sadb_ext_len
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: me@tobhe.de

Created attachment 248900
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=248900&action=edit
Patch

Besides not doing any sufficient check that the length of a parsed message is
not bigger than the actual allocated buffer, kdebug_sadb() incorrectly compares
ext->sadb_ext_len, the extension payload size in 8 byte chunks, with tlen,
which is the full message payload size in bytes.

This should compare PFKEY_UNUNIT64(ext->sadb_ext_len) with tlen instead.
fix attached.

-- 
You are receiving this mail because:
You are the assignee for the bug.