svn commit: r357218 - releng/12.0/sys/netipsec
Gordon Tetlow
gordon at FreeBSD.org
Tue Jan 28 18:56:46 UTC 2020
Author: gordon
Date: Tue Jan 28 18:56:46 2020
New Revision: 357218
URL: https://svnweb.freebsd.org/changeset/base/357218
Log:
Fix missing IPsec anti-replay window check
Reported by: Jean-Francois HREN
Approved by: so
Security: FreeBSD-SA-20:02.ipsec
Security: CVE-2019-5613
Modified:
releng/12.0/sys/netipsec/ipsec.c
Modified: releng/12.0/sys/netipsec/ipsec.c
==============================================================================
--- releng/12.0/sys/netipsec/ipsec.c Tue Jan 28 18:55:25 2020 (r357217)
+++ releng/12.0/sys/netipsec/ipsec.c Tue Jan 28 18:56:46 2020 (r357218)
@@ -1318,6 +1318,8 @@ ok:
__func__, replay->overflow,
ipsec_sa2str(sav, buf, sizeof(buf))));
}
+
+ replay->count++;
return (0);
}
More information about the svn-src-all
mailing list