Fri Feb 16 16:35:18 2018 UTC ()
Pull up following revision(s) (requested by maxv in ticket #559):

	sys/netipsec/ipsec.c: revision 1.130

Fix inverted logic, otherwise the kernel crashes when receiving a 1-byte
AH packet. Triggerable before authentication when IPsec and forwarding
are both enabled.


(martin)
diff -r1.99.2.3 -r1.99.2.4 src/sys/netipsec/ipsec.c


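--- a/src/sys/netipsec/ipsec.c
+++ b/src/sys/netipsec/ipsec.c
@@ -1,14 +1,14 @@
-/* $NetBSD: ipsec.c,v 1.99.2.3 2018/02/05 14:55:16 martin Exp $ */
+/* $NetBSD: ipsec.c,v 1.99.2.4 2018/02/16 16:35:18 martin Exp $ */
 /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.99.2.3 2018/02/05 14:55:16 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.99.2.4 2018/02/16 16:35:18 martin Exp $");
 
 /*
  * IPsec controller part.
  */
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #endif
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
@@ -1050,27 +1050,27 @@ ipsec4_get_ulp(struct mbuf *m, struct se
  spidx->dst.sin.sin_port = th.th_dport;
  return;
  case IPPROTO_UDP:
  spidx->ul_proto = nxt;
  if (!needport)
  goto done_proto;
  if (off + sizeof(struct udphdr) > m->m_pkthdr.len)
  goto done;
  m_copydata(m, off, sizeof (uh), &uh);
  spidx->src.sin.sin_port = uh.uh_sport;
  spidx->dst.sin.sin_port = uh.uh_dport;
  return;
  case IPPROTO_AH:
- if (m->m_pkthdr.len > off + sizeof(ip6e))
+ if (off + sizeof(ip6e) > m->m_pkthdr.len)
  goto done;
  /* XXX sigh, this works but is totally bogus */
  m_copydata(m, off, sizeof(ip6e), &ip6e);
  off += (ip6e.ip6e_len + 2) << 2;
  nxt = ip6e.ip6e_nxt;
  break;
  case IPPROTO_ICMP:
  spidx->ul_proto = nxt;
  if (off + sizeof(struct icmp) > m->m_pkthdr.len)
  return;
  m_copydata(m, off, sizeof(icmph), &icmph);
  ((struct sockaddr_in *)&spidx->src)->sin_port =
  htons((uint16_t)icmph.icmp_type);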
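Review bot: The corrected length check in the `case IPPROTO_AH:` branch has no comment recording why its direction matters, and the only comment nearby is still `/* XXX sigh, this works but is totally bogus */`. Since the commit message says the inverted test let a 1-byte AH packet crash the kernel before authentication, I would add a comment above the check such as `/* Unauthenticated input: the packet must hold a full ip6e at off before m_copydata() reads it. */`. The following `off += (ip6e.ip6e_len + 2) << 2;` also takes its length from the packet, so the later cases rely on their own `off + sizeof(...) > m->m_pkthdr.len` checks on the next pass. That appears to hold for the UDP and ICMP cases visible here, but ipsec4_get_ulp starts and ends outside the hunk, so the remaining cases should be confirmed. A regression test that passes a truncated AH header through this function would keep the comparison from being flipped again.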