Date: Tue, 8 Apr 2008 07:38:17 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: blue <susan.lan@zyxel.com.tw> Cc: freebsd-net@freebsd.org Subject: Re: [ipsec] bug report: possible memory overwrite for IPv6 IPsec Message-ID: <20080408073749.D66744@maildrop.int.zabbadoz.net> In-Reply-To: <47FB15B7.8080202@zyxel.com.tw> References: <47FB15B7.8080202@zyxel.com.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 8 Apr 2008, blue wrote: > Dear all: > > struct secashead defined in keydb.h line 89: > > /* Security Association Data Base */ > struct secashead { > LIST_ENTRY(secashead) chain; > > struct secasindex saidx; > > struct secident *idents; /* source identity */ > struct secident *identd; /* destination identity */ > /* XXX I don't know how to use them. */ > > u_int8_t state; /* MATURE or DEAD. */ > LIST_HEAD(_satree, secasvar) savtree[SADB_SASTATE_MAX+1]; > /* SA chain */ > /* The first of this list is newer SA */ > > struct route sa_route; /* route cache */ > }; > > The last field "sa_route" is "struct route", whose space is not enough for > IPv6 address. However, in ipsec6_output_tunnel() in ipsec_output.c, the field > could possibly be assigned with an IPv6 address. > > My suggestion is to enlarge the field as struct route_in6, which could > accommodate both IPv4 and IPv6 address. Can you please file a PR for this. Thanks. -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Software is harder than hardware so better get it right the first time.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080408073749.D66744>