authorderaadt <deraadt@openbsd.org>2009-10-28 21:03:17 +0000
committerderaadt <deraadt@openbsd.org>2009-10-28 21:03:17 +0000
commit6129a7ef324762a91c68caaa28dd31216ad56cca (patch)
tree62fcc995679f0ee454c70720f3521d8d87186425
parentUse strtonum() instead of atoi() so that ridiculous sloppy things like (diff)
*NULL store in IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on userland/kernel shared vm machines (i.e. i386, amd64, arm, sparc (but not sparc64), sh, ...) on OpenBSD 4.3 or older; copy of the ipv4 bug, spotted by claudio
-rw-r--r--sys/netinet6/ip6_output.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
index 75a1e2e0bad..565ca1b88b3 100644
--- a/sys/netinet6/ip6_output.c
+++ b/sys/netinet6/ip6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_output.c,v 1.107 2009/10/06 21:21:48 claudio Exp $ */
+/* $OpenBSD: ip6_output.c,v 1.108 2009/10/28 21:03:17 deraadt Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -1914,6 +1914,7 @@ do { \
case IPV6_ESP_TRANS_LEVEL:
case IPV6_ESP_NETWORK_LEVEL:
case IPV6_IPCOMP_LEVEL:
+ *mp = m = m_get(M_WAIT, MT_SOOPTS);
#ifndef IPSEC
m->m_len = sizeof(int);
*mtod(m, int *) = IPSEC_LEVEL_NONE;
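Review bot: The `m_get()` added ahead of `#ifndef IPSEC` carries no comment saying why it is needed, so a later cleanup could remove it or move it back inside one of the conditional branches. Going by the commit message, `m` is presumably still NULL when these four cases are reached on the get path; a one-line comment such as `/* get path: no mbuf yet, allocate before m_len/mtod() are touched */` would record that. The `#else` (IPSEC) branch and the rest of the switch lie outside this hunk, so it is worth confirming that every path there sets `m->m_len` before the mbuf is handed back through `*mp`. Since this is described as a copy of the ipv4 bug, the sibling get cases in this switch that store through `mtod(m, ...)` should be checked for the same missing allocation. A regression test that calls getsockopt() for each of the four levels on an IPv6 socket would also help.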