summaryrefslogtreecommitdiffstats
path: root/contrib/wpa/src/drivers/driver_bsd.c
diff options
context:
space:
mode:
authorkp <kp@FreeBSD.org>2019-03-01 18:12:07 +0000
committerRenato Botelho <renato@netgate.com>2019-05-13 16:46:26 -0300
commitfed039d3092243b82f8b05665ff26c241f04f948 (patch)
treee0445297e0b31435d64968eb1a1c41ecbc065796 /contrib/wpa/src/drivers/driver_bsd.c
parentff7d4801f1b88de656e028209818ff005e8a1353 (diff)
downloadFreeBSD-src-fed039d3092243b82f8b05665ff26c241f04f948.zip
FreeBSD-src-fed039d3092243b82f8b05665ff26c241f04f948.tar.gz
MFC r344691:
pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or cause a panic We mistakenly used the extoff value from the last packet to patch the next_header field. If a malicious host sends a chain of fragmented packets where the first packet and the final packet have different lengths or number of extension headers we'd patch the next_header at the wrong offset. This can potentially lead to panics or rule bypasses. Reported by: Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv Approved by: so Obtained from: OpenBSD Security: CVE-2019-5597 (cherry picked from commit 7a414c941a0fca9f111c2f3d405eb16c71c8374d)
Diffstat (limited to 'contrib/wpa/src/drivers/driver_bsd.c')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud