CVSROOT: /cvs
Module name: src
Changes by: mi...@cvs.openbsd.org 2017/08/17 04:14:08
Modified files:
sys/net : if_bridge.c
Log message:
Skip SPD lookups for short packets on IPsec-enabled bridge
When short packets are sent to the bridge with IPsec enabled,
an incorrect error path can be taken which leads to a lookup
of an SPD entry using an uninitialized SPI. Most of the time
this will fail, however there's a chance that an existing SPD
entry corresponds to the provided SPI which leads to use of
another uninitialized variable used to offset the IP or IPv6
header in order to get to the security protocol header.
ESP performs packet length checks and will fail when such
packets will reach it, but AH and IPComp don't have similar
checks and are affected the most.
CID 1452946, 1452957; Severity: Major
OK millert, visa, bluhm
