CVSROOT: /cvs Module name: src Changes by: mi...@cvs.openbsd.org 2017/08/17 04:14:08
Modified files: sys/net : if_bridge.c Log message: Skip SPD lookups for short packets on IPsec-enabled bridge When short packets are sent to the bridge with IPsec enabled, an incorrect error path can be taken which leads to a lookup of an SPD entry using an uninitialized SPI. Most of the time this will fail, however there's a chance that an existing SPD entry corresponds to the provided SPI which leads to use of another uninitialized variable used to offset the IP or IPv6 header in order to get to the security protocol header. ESP performs packet length checks and will fail when such packets will reach it, but AH and IPComp don't have similar checks and are affected the most. CID 1452946, 1452957; Severity: Major OK millert, visa, bluhm