CVS commit: src/sys/netipsec

Thu, 31 May 2018 08:07:23 -0700 

Module Name:    src
Committed By:   maxv
Date:           Thu May 31 15:06:45 UTC 2018

Modified Files:
        src/sys/netipsec: ipsec_output.c

Log Message:
Adapt rev1.75, suggested by Alexander Bluhm. Relax the checks to allow
protocols smaller than two bytes (only IPPROTO_NONE). While here style.


To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.79 src/sys/netipsec/ipsec_output.c:1.80
--- src/sys/netipsec/ipsec_output.c:1.79	Thu May 31 07:03:57 2018
+++ src/sys/netipsec/ipsec_output.c	Thu May 31 15:06:45 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.79 2018/05/31 07:03:57 maxv Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.80 2018/05/31 15:06:45 maxv Exp $	*/
 
 /*
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.79 2018/05/31 07:03:57 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.80 2018/05/31 15:06:45 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -624,39 +624,39 @@ compute_ipsec_pos(struct mbuf *m, int *i
 	 *     IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
 	 */
 	while (1) {
-		if (*i + sizeof(ip6e) > m->m_pkthdr.len) {
-			return EINVAL;
-		}
-
 		switch (nxt) {
 		case IPPROTO_AH:
 		case IPPROTO_ESP:
 		case IPPROTO_IPCOMP:
-		/*
-		 * we should not skip security header added
-		 * beforehand.
-		 */
+			/*
+			 * We should not skip security header added
+			 * beforehand.
+			 */
 			return 0;
 
 		case IPPROTO_HOPOPTS:
 		case IPPROTO_DSTOPTS:
 		case IPPROTO_ROUTING:
-		/*
-		 * if we see 2nd destination option header,
-		 * we should stop there.
-		 */
+			if (*i + sizeof(ip6e) > m->m_pkthdr.len) {
+				return EINVAL;
+			}
+
+			/*
+			 * If we see 2nd destination option header,
+			 * we should stop there.
+			 */
 			if (nxt == IPPROTO_DSTOPTS && dstopt)
 				return 0;
 
 			if (nxt == IPPROTO_DSTOPTS) {
 				/*
-				 * seen 1st or 2nd destination option.
+				 * Seen 1st or 2nd destination option.
 				 * next time we see one, it must be 2nd.
 				 */
 				dstopt = 1;
 			} else if (nxt == IPPROTO_ROUTING) {
 				/*
-				 * if we see destination option next
+				 * If we see destination option next
 				 * time, it must be dest2.
 				 */
 				dstopt = 2;
@@ -667,6 +667,9 @@ compute_ipsec_pos(struct mbuf *m, int *i
 			nxt = ip6e.ip6e_nxt;
 			*off = *i + offsetof(struct ip6_ext, ip6e_nxt);
 			*i += (ip6e.ip6e_len + 1) << 3;
+			if (*i > m->m_pkthdr.len) {
+				return EINVAL;
+			}
 			break;
 		default:
 			return 0;

Reply via email to