authorume <ume@FreeBSD.org>2003-10-12 12:03:25 +0000
committerume <ume@FreeBSD.org>2003-10-12 12:03:25 +0000
commit2e96368ca1566458ad16e71593cc9dc12dbf388e (patch)
treebd4ee7c6026c424faf377deab945c44dfd8797fb
parentb3ea058f3783a59cf440024c560c4bc35d407901 (diff)
- avoid hardcoded values.
- correct signedness mixups.
- log fix.
- preparation for 64bit sequence number. introduce SA id (unique ID for SA - SPI is useless as duplicated SPI is allowed)
- no need to malloc/free cksum buffer.
Obtained from: KAME
-rw-r--r--sys/netinet6/ah_input.c52
-rw-r--r--sys/netinet6/ah_output.c18
2 files changed, 29 insertions, 41 deletions
diff --git a/sys/netinet6/ah_input.c b/sys/netinet6/ah_input.c
index d7d3030..6fb8071 100644
--- a/sys/netinet6/ah_input.c
+++ b/sys/netinet6/ah_input.c
@@ -108,11 +108,10 @@ ah4_input(m, off)
const struct ah_algorithm *algo;
size_t siz;
size_t siz1;
- u_char *cksum;
+ u_int8_t cksum[AH_MAXSUMSIZE];
struct secasvar *sav = NULL;
u_int16_t nxt;
size_t hlen;
- int proto;
size_t stripsiz = 0;
#ifndef PULLDOWN_TEST
@@ -127,11 +126,9 @@ ah4_input(m, off)
}
ip = mtod(m, struct ip *);
- proto = ip->ip_p;
ah = (struct ah *)(((caddr_t)ip) + off);
#else
ip = mtod(m, struct ip *);
- proto = ip->ip_p;
IP6_EXTHDR_GET(ah, struct ah *, m, off, sizeof(struct newah));
if (ah == NULL) {
ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
@@ -227,6 +224,12 @@ ah4_input(m, off)
ipsecstat.in_inval++;
goto fail;
}
+ if (siz1 > sizeof(cksum)) {
+ ipseclog((LOG_NOTICE, "sum length too large: %s\n",
+ ipsec4_logpacketstr(ip, spi)));
+ ipsecstat.in_inval++;
+ goto fail;
+ }
#ifndef PULLDOWN_TEST
if (m->m_len < off + sizeof(struct ah) + sizoff + siz1) {
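Review bot: The new `sum length too large` message at the `siz1 > sizeof(cksum)` check has no function or protocol prefix, unlike the `IPv4 AH input: ...` messages elsewhere in this function, so it is hard to attribute when it shows up in logs; `"IPv4 AH input: sum length too large: %s\n"` would match the rest. This check also appears to be the only thing keeping the later ah4_calccksum() call, which is passed `siz1` as the length, inside the fixed-size on-stack `cksum[AH_MAXSUMSIZE]` array. A one-line comment such as `/* cksum[] is a fixed-size stack buffer; reject oversize sums before it is written */` would keep it from being dropped as redundant later. Both points apply equally to the identical check added in ah6_input (with an `IPv6 AH input:` prefix there). ah4_input starts and ends outside this hunk.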
@@ -270,22 +273,14 @@ ah4_input(m, off)
* alright, it seems sane. now we are going to check the
* cryptographic checksum.
*/
- cksum = malloc(siz1, M_TEMP, M_NOWAIT);
- if (!cksum) {
- ipseclog((LOG_DEBUG, "IPv4 AH input: "
- "couldn't alloc temporary region for cksum\n"));
- ipsecstat.in_inval++;
- goto fail;
- }
-
+
/*
* some of IP header fields are flipped to the host endian.
* convert them back to network endian. VERY stupid.
*/
ip->ip_len = htons(ip->ip_len + hlen);
ip->ip_off = htons(ip->ip_off);
- if (ah4_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
- free(cksum, M_TEMP);
+ if (ah4_calccksum(m, cksum, siz1, algo, sav)) {
ipsecstat.in_inval++;
goto fail;
}
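Review bot: The call `ah4_calccksum(m, cksum, siz1, algo, sav)` drops the `(caddr_t)` cast, so it only compiles without a pointer-type warning if ah4_calccksum is declared to take a `u_int8_t *`. That declaration is not part of this diff, which lists only ah_input.c and ah_output.c, so it is worth confirming the matching prototype change is already in the tree. The same applies to the ah6_calccksum call in ah6_input and to both calls in ah_output.c. As a style point, the blank line before the "some of IP header fields" comment is removed and re-added, which suggests the new line carries only whitespace; it should be left empty.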
@@ -311,14 +306,11 @@ ah4_input(m, off)
ipseclog((LOG_WARNING,
"checksum mismatch in IPv4 AH input: %s %s\n",
ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
- free(cksum, M_TEMP);
ipsecstat.in_ahauthfail++;
goto fail;
}
}
- free(cksum, M_TEMP);
-
m->m_flags |= M_AUTHIPHDR;
m->m_flags |= M_AUTHIPDGM;
@@ -573,7 +565,7 @@ ah6_input(mp, offp, proto)
const struct ah_algorithm *algo;
size_t siz;
size_t siz1;
- u_char *cksum;
+ u_int8_t cksum[AH_MAXSUMSIZE];
struct secasvar *sav = NULL;
u_int16_t nxt;
size_t stripsiz = 0;
@@ -662,6 +654,13 @@ ah6_input(mp, offp, proto)
ipsec6stat.in_inval++;
goto fail;
}
+ if (siz1 > sizeof(cksum)) {
+ ipseclog((LOG_NOTICE, "sum length too large: %s\n",
+ ipsec6_logpacketstr(ip6, spi)));
+ ipsec6stat.in_inval++;
+ goto fail;
+ }
+
#ifndef PULLDOWN_TEST
IP6_EXTHDR_CHECK(m, off, sizeof(struct ah) + sizoff + siz1, IPPROTO_DONE);
#else
@@ -696,16 +695,8 @@ ah6_input(mp, offp, proto)
* alright, it seems sane. now we are going to check the
* cryptographic checksum.
*/
- cksum = malloc(siz1, M_TEMP, M_NOWAIT);
- if (!cksum) {
- ipseclog((LOG_DEBUG, "IPv6 AH input: "
- "couldn't alloc temporary region for cksum\n"));
- ipsec6stat.in_inval++;
- goto fail;
- }
-
- if (ah6_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
- free(cksum, M_TEMP);
+
+ if (ah6_calccksum(m, cksum, siz1, algo, sav)) {
ipsec6stat.in_inval++;
goto fail;
}
@@ -726,14 +717,11 @@ ah6_input(mp, offp, proto)
ipseclog((LOG_WARNING,
"checksum mismatch in IPv6 AH input: %s %s\n",
ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
- free(cksum, M_TEMP);
ipsec6stat.in_ahauthfail++;
goto fail;
}
}
- free(cksum, M_TEMP);
-
m->m_flags |= M_AUTHIPHDR;
m->m_flags |= M_AUTHIPDGM;
@@ -862,7 +850,7 @@ ah6_input(mp, offp, proto)
/*
* strip off AH.
*/
- char *prvnxtp;
+ u_int8_t *prvnxtp;
/*
* Copy the value of the next header field of AH to the
diff --git a/sys/netinet6/ah_output.c b/sys/netinet6/ah_output.c
index 9f31caf..bbd697f 100644
--- a/sys/netinet6/ah_output.c
+++ b/sys/netinet6/ah_output.c
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-/* $KAME: ah_output.c,v 1.31 2001/07/26 06:53:15 jinmei Exp $ */
+/* $KAME: ah_output.c,v 1.38 2003/09/06 05:15:43 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -128,9 +128,9 @@ ah_hdrsiz(isr)
estimate:
/* ASSUMING:
* sizeof(struct newah) > sizeof(struct ah).
- * 16 = (16 + 3) & ~(4 - 1).
+ * AH_MAXSUMSIZE is multiple of 4.
*/
- return sizeof(struct newah) + 16;
+ return sizeof(struct newah) + AH_MAXSUMSIZE;
}
#ifdef INET
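Review bot: The estimate `sizeof(struct newah) + AH_MAXSUMSIZE` relies on the comment's statement that AH_MAXSUMSIZE is a multiple of 4, but nothing visible here enforces it. If the constant is later changed to an unaligned value, the size estimate would be wrong without any build error. A compile-time check next to the definition, for example `CTASSERT((AH_MAXSUMSIZE & 3) == 0);` if the tree provides CTASSERT, would turn the comment into something the compiler verifies. The definition of AH_MAXSUMSIZE is not shown in this diff.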
@@ -150,7 +150,7 @@ ah4_output(m, isr)
const struct ah_algorithm *algo;
u_int32_t spi;
u_char *ahdrpos;
- u_char *ahsumpos = NULL;
+ u_int8_t *ahsumpos = NULL;
size_t hlen = 0; /* IP header+option in bytes */
size_t plen = 0; /* AH payload size in bytes */
size_t ahlen = 0; /* plen + sizeof(ah) */
@@ -270,7 +270,7 @@ ah4_output(m, isr)
* XXX sequence number must not be cycled, if the SA is
* installed by IKE daemon.
*/
- ahdr->ah_seq = htonl(sav->replay->count);
+ ahdr->ah_seq = htonl(sav->replay->count & 0xffffffff);
bzero(ahdr + 1, plen);
}
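Review bot: The mask in `ahdr->ah_seq = htonl(sav->replay->count & 0xffffffff);` will silently discard the high bits once `count` becomes wider than 32 bits, so the on-wire sequence number would repeat unless a wrap check (none is visible in this hunk) rejects the packet first. The XXX comment directly above already says the number must not cycle for SAs installed by an IKE daemon. A comment at the mask, e.g. `/* only the low 32 bits go on the wire; exhaustion of the 32-bit space must be caught before this point */`, would record that dependency for whoever widens the counter. This diff does not touch the corresponding assignment in ah6_output; if it has the same form it should get the same mask so the two paths stay consistent.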
@@ -304,7 +304,7 @@ ah4_output(m, isr)
* calcurate the checksum, based on security association
* and the algorithm specified.
*/
- error = ah4_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav);
+ error = ah4_calccksum(m, ahsumpos, plen, algo, sav);
if (error) {
ipseclog((LOG_ERR,
"error after ah4_calccksum, called from ah4_output"));
@@ -366,7 +366,7 @@ ah6_output(m, nexthdrp, md, isr)
struct secasvar *sav = isr->sav;
const struct ah_algorithm *algo;
u_int32_t spi;
- u_char *ahsumpos = NULL;
+ u_int8_t *ahsumpos = NULL;
size_t plen; /* AH payload size in bytes */
int error = 0;
int ahlen;
@@ -411,7 +411,7 @@ ah6_output(m, nexthdrp, md, isr)
/* fix plen */
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) > IPV6_MAXPACKET) {
ipseclog((LOG_ERR,
- "ip6_output: AH with IPv6 jumbogram is not supported\n"));
+ "ah6_output: AH with IPv6 jumbogram is not supported\n"));
m_freem(m);
return EINVAL;
}
@@ -485,7 +485,7 @@ ah6_output(m, nexthdrp, md, isr)
* calcurate the checksum, based on security association
* and the algorithm specified.
*/
- error = ah6_calccksum(m, (caddr_t)ahsumpos, plen, algo, sav);
+ error = ah6_calccksum(m, ahsumpos, plen, algo, sav);
if (error) {
ipsec6stat.out_inval++;
m_freem(m);