Date: Fri, 31 Jul 2009 15:53:23 GMT From: Tobias Brunner <tobias.brunner@strongswan.org> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/137309: [ipsec] sequence number in a SADB_X_SPDGET response is set to zero Message-ID: <200907311553.n6VFrN4O060948@www.freebsd.org> Resent-Message-ID: <200907311600.n6VG09jn029113@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 137309 >Category: kern >Synopsis: [ipsec] sequence number in a SADB_X_SPDGET response is set to zero >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jul 31 16:00:09 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Tobias Brunner >Release: 7.2-RELEASE >Organization: strongSwan Project >Environment: FreeBSD bsd.localdomain 7.2-RELEASE FreeBSD 7.2-RELEASE #6: Fri Jul 31 16:18:55 CEST 2009 root@bsd.localdomain:/usr/obj/usr/src/sys/IPSEC i386 >Description: A user-land keying daemon can query an IPsec policy by using SADB_X_SPDGET. This request is handled in the function 'key_spdget' in /usr/src/sys/netipsec/key.c. There the function 'key_setdumpsp' is called to generate the actual response. The third parameter of that function specifies the sequence number of the message. It is currently set to zero. In order to be consistent with the behavior of SADB_GET (see function 'key_get', in particular line 5790, in key.c) the third parameter should be changed to the sequence number of the request. >How-To-Repeat: As described above. >Fix: The third parameter of the call to 'key_setdumpsp' (line 2242 in key.c) should be changed to mhp->msg->sadb_msg_seq (i.e. the sequence number of the request). >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907311553.n6VFrN4O060948>