FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec
Christoph Moench-Tegeder
cmt at burggraben.net
Wed Mar 7 11:35:08 UTC 2018
Hi,
the committed patch for FreeBSD 10.4 and 10.3 does not compile:
/usr/src/sys/netipsec/xform_ah.c:622:43: error: use of undeclared identifier
'buf'
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
^
/usr/src/sys/netipsec/ipsec.h:323:51: note: expanded from macro 'DPRINTF'
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
^
/usr/src/sys/netipsec/xform_ah.c:625:3: error: use of undeclared identifier
'error'
error = EACCES;
^
/usr/src/sys/netipsec/xform_ah.c:626:8: error: use of undeclared label 'bad'
goto bad;
^
3 errors generated.
*** Error code 1
Looking at the code, the compiler is right - things have shifted here
in between FreeBSD 10 and 11, and what's working in 11 is not good for 10...
I guess we need this additional patch:
--- sys/netipsec/xform_ah.c.orig 2018-03-07 12:27:58.645874000 +0100
+++ sys/netipsec/xform_ah.c 2018-03-07 12:28:47.584073000 +0100
@@ -619,11 +619,10 @@
DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
" for packet in SA %s/%08lx\n", __func__,
m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
- ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
+ ipsec_address(&sav->sah->saidx.dst),
(u_long) ntohl(sav->spi)));
AHSTAT_INC(ahs_badauthl);
- error = EACCES;
- goto bad;
+ return EACCES;
}
AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
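Review bot: the new "return EACCES;" at the end of this hunk leaves the function directly, where the removed lines went through "goto bad", and nothing in the visible lines disposes of the mbuf m on this path. Before committing this to 10.x, check how the neighbouring error returns in this function release m and do the same here, so a packet rejected for a bad length is not leaked. The change to the single-argument ipsec_address() call matches the "undeclared identifier 'buf'" error quoted above and looks fine as far as the hunk shows.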
But you'd better re-check, I don't know the code here - I'm just making
stuff compile :)
Further, neither this advisory's (SA-18:01) nor SA-18:02's nor the Errata Notes'
(EN-18:01, EN-18:02) patches show up in the given location:
https://www.freebsd.org/security/patches/SA-18%3A01/ (and the other
directories) only have the GPG signatures, but not the patches themselves.
Regards,
Christoph
--
Spare Space