diff options
author | bz <bz@FreeBSD.org> | 2010-10-23 20:35:40 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2010-10-23 20:35:40 +0000 |
commit | de9392f9e014151a889a4d86de9f6736a94f158e (patch) | |
tree | f5d45570646bf96cfcb9125ee6a33290a6a158e2 /sys/netipsec/keydb.h | |
parent | 1f7e8301f37d1383a1b54e2fd57a8f750ee42848 (diff) | |
download | FreeBSD-src-de9392f9e014151a889a4d86de9f6736a94f158e.zip FreeBSD-src-de9392f9e014151a889a4d86de9f6736a94f158e.tar.gz |
Make the IPsec SADB embedded route cache a union to be able to hold both the
legacy and IPv6 route destination address.
Previously in case of IPv6, there was a memory overwrite due to not enough
space for the IPv6 address.
PR: kern/122565
MFC After: 2 weeks
Diffstat (limited to 'sys/netipsec/keydb.h')
-rw-r--r-- | sys/netipsec/keydb.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/netipsec/keydb.h b/sys/netipsec/keydb.h index 07e1f60..7494f5f 100644 --- a/sys/netipsec/keydb.h +++ b/sys/netipsec/keydb.h @@ -85,6 +85,12 @@ struct seclifetime { u_int64_t usetime; }; +union sa_route_union { + struct route sa_route; + struct route sin_route; /* Duplicate for consistency. */ + struct route_in6 sin6_route; +}; + /* Security Association Data Base */ struct secashead { LIST_ENTRY(secashead) chain; @@ -100,7 +106,7 @@ struct secashead { /* SA chain */ /* The first of this list is newer SA */ - struct route sa_route; /* route cache */ + union sa_route_union route_cache; }; struct xformsw; |