diff options
author | ae <ae@FreeBSD.org> | 2017-08-16 12:01:22 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2017-08-16 12:01:22 +0000 |
commit | d3f829dcedd1db79b00b6840265a0c34bc0b75a3 (patch) | |
tree | b3266f1b542aab96d44af5826ca0d38fb5c6988f /sbin/mksnap_ffs | |
parent | 229f6711db33fcdfd9b4754796a72f2e7fbd3e04 (diff) | |
download | FreeBSD-src-d3f829dcedd1db79b00b6840265a0c34bc0b75a3.zip FreeBSD-src-d3f829dcedd1db79b00b6840265a0c34bc0b75a3.tar.gz |
MFC r322328:
Make user supplied data checks a bit stricter.
key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to configure IPsec bypass for
socket. Only privileged user can set this socket option.
The message syntax is described here
http://www.kame.net/newsletter/20021210/
and our libipsec is usually used to create the correct request.
Add additional checks:
* that sadb_x_ipsecrequest_len is not out of bounds of user supplied buffer
* that src/dst's sa_len is the same
* that 2*sa_len is not out of bounds of user supplied buffer
* that 2*sa_len fits into bounds of sadb_x_ipsecrequest
Reported by: Ilja van Sprundel
Diffstat (limited to 'sbin/mksnap_ffs')
0 files changed, 0 insertions, 0 deletions