CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
ipsec: Return error code if no matching SA was found
author Kornel Duleba <mindal@semihalf.com>
Fri, 13 Aug 2021 07:35:08 +0000 (09:35 +0200)
committer Wojciech Macek <wma@FreeBSD.org>
Fri, 13 Aug 2021 07:35:08 +0000 (09:35 +0200)
commit a16771de4c1e01b52318edfab315d0ba2dce0c65
tree 9d4fc094b2e3a992a2f61bcfd301098752dfefb7
parent 6b66194bcb7e43ef40b11005618544081c6e30ea
ipsec: Return error code if no matching SA was found

If we matched SP to a packet, but no associated SA was found
ipsec4_allocsa will return NULL while setting error=0.
This resulted in use after free and potential kernel panic.
Return EINPROGRESS in the case described above instead.

Obtained from: Semihalf
Sponsored by: Stormshield
Differential revision: https://reviews.freebsd.org/D30994
sys/netipsec/ipsec_output.c
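
The return contract the commit message describes, as an added example that is not FreeBSD code and not part of the commit: a lookup that returns NULL with error=0 next to one that returns EINPROGRESS. All names are hypothetical, and the caller that releases the packet and propagates the error code is an assumed, simplified model of how the ambiguity turns into a stale packet reference.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not FreeBSD's types. */
struct pkt { int freed; };   /* 'freed' marks release instead of calling free() */
struct sa  { int id; };
static struct sa sa0 = { 1 };
typedef struct sa *(*lookup_fn)(int have_sa, int *error);

/* Before: policy matched but no SA available -> NULL with *error == 0. */
static struct sa *lookup_sa_before(int have_sa, int *error)
{
    *error = 0;
    return have_sa ? &sa0 : NULL;
}

/* After: the same case reports EINPROGRESS, so NULL never means success. */
static struct sa *lookup_sa_after(int have_sa, int *error)
{
    *error = have_sa ? 0 : EINPROGRESS;
    return have_sa ? &sa0 : NULL;
}

/* Assumed caller shape: on NULL, release the packet and pass the error up. */
static int output_step(struct pkt *p, int have_sa, lookup_fn lookup)
{
    int error;
    if (lookup(have_sa, &error) == NULL) {
        p->freed = 1;     /* packet released on the failure path */
        return error;     /* 0 here tells the upper layer all is well */
    }
    return 0;
}

/* Returns 1 when the upper layer would keep using a released packet. */
int stale_use(lookup_fn lookup, int have_sa)
{
    struct pkt p = { 0 };
    int error = output_step(&p, have_sa, lookup);
    return error == 0 && p.freed;
}

int main(void)
{
    printf("before, no SA: stale use = %d\n", stale_use(lookup_sa_before, 0));
    printf("after,  no SA: stale use = %d\n", stale_use(lookup_sa_after, 0));
    return 0;
}
```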