Drop dubious ESP/AH packets without crashing (thanks to dr@kyx.net and

mfranz@cisco.com for finding the problem).
author: angelos <angelos@openbsd.org> 2000-09-17 19:52:24 +0000
committer: angelos <angelos@openbsd.org> 2000-09-17 19:52:24 +0000
commit: ec9d1c1465b5513f22f0209b3d8d238bf50877d7 (patch)
tree: de06154318020191fee2aab3259295bd11d1864b /sys
parent: implement SIOCSIFMTU, okay deraadt@ (diff)
download: wireguard-openbsd-ec9d1c1465b5513f22f0209b3d8d238bf50877d7.tar.xz
wireguard-openbsd-ec9d1c1465b5513f22f0209b3d8d238bf50877d7.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index e031db48bd5..bcd4b5d9e85 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ipsec_input.c,v 1.30 2000/07/11 21:11:08 millert Exp $	*/
+/*	$OpenBSD: ipsec_input.c,v 1.31 2000/09/17 19:52:24 angelos Exp $	*/
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -131,6 +131,13 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
         return EOPNOTSUPP;
     }
 
+    if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t))
+    {
+        m_freem(m);
+        IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops);
+        return EINVAL;
+    }
+
     /* Retrieve the SPI from the relevant IPsec header */
     if (sproto == IPPROTO_ESP)
       m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi);
author	angelos <angelos@openbsd.org>	2000-09-17 19:52:24 +0000
committer	angelos <angelos@openbsd.org>	2000-09-17 19:52:24 +0000
commit	ec9d1c1465b5513f22f0209b3d8d238bf50877d7 (patch)
tree	de06154318020191fee2aab3259295bd11d1864b /sys
parent	implement SIOCSIFMTU, okay deraadt@ (diff)
download	wireguard-openbsd-ec9d1c1465b5513f22f0209b3d8d238bf50877d7.tar.xz wireguard-openbsd-ec9d1c1465b5513f22f0209b3d8d238bf50877d7.zip