amd64/177417: Invalid protocol value in ipsec6_common_input_cb
David Gueluy
david.gueluy at netasq.com
Wed Mar 27 16:50:01 UTC 2013
>Number: 177417
>Category: amd64
>Synopsis: Invalid protocol value in ipsec6_common_input_cb
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 27 16:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: David Gueluy
>Release: 8.3
>Organization:
Netasq
>Environment:
FreeBSD 8.3-RELEASE-p6
>Description:
I use an IPv6 IPSEC tunnel and observe that in ipsec6_common_input_cb ( ip6_input.c), the protocol value is invalid.
The problem is that the "prot" variable is not initialized.
It's an integer and just 1 single byte is copied from the mbuf into this variable.
Prot value will never match IPPROTO_IPIP or IPPROTO_IPV6
static int
ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff,
struct m_tag *mt)
{
int prot, af, sproto;
ip6 = mtod(m, struct ip6_hdr *);
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr));
/* Save protocol */
m_copydata(m, protoff, 1, (unsigned char *) &prot);
--> prot = wrong value
>How-To-Repeat:
Mount an IPv6 IPSEC tunnel and check the value
>Fix:
int prot = 0;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-amd64
mailing list