pflog(4) tried to log the translated packet with rdr-to, nat-to, - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	bluhm <bluhm@openbsd.org>	2021-01-19 22:22:23 +0000
committer	bluhm <bluhm@openbsd.org>	2021-01-19 22:22:23 +0000
commit	2cbebc019f52ca82e5fb8c4ec5d5ed5614c8fef5 (patch)
tree	2ef1ff1e9c84ca82e88d04907150502821d2eebe /lib/libssl/tls12_record_layer.c
parent	blacklist com on m3000s. our com code causes faults somehow. (diff)
download	wireguard-openbsd-2cbebc019f52ca82e5fb8c4ec5d5ed5614c8fef5.tar.xz wireguard-openbsd-2cbebc019f52ca82e5fb8c4ec5d5ed5614c8fef5.zip

pflog(4) tried to log the translated packet with rdr-to, nat-to,

and af-to addresses and ports applied. Therefore it created a mbuf chain on the stack with a partial copy. This is too complicated for IP options, extension header, NAT46 af-to, and fragmented mbuf chains. It even caused a crash in syzkaller. Usually the length checks in pf_setup_pdesc() rejected the faked mbuf and the goto copy logged the packet unmodified. Remove the pflog_mtap() function and call bpf_mtap_hdr() directly. As the old buggy code was bypassed in most cases, tcpdump(8) output of pflog does not change. Uncondionally log the unmodified packet. Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com OK sashan@

Diffstat (limited to 'lib/libssl/tls12_record_layer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: