Paths

Table of Contentst

ipsec esp: avoid dereferencing freed secasindex
ClosedPublic
Actions

Authored by kib on Feb 25 2024, 10:37 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Nov 16, 4:12 PM

	Unknown Object (File)
	Wed, Oct 30, 12:21 PM

	Unknown Object (File)
	Oct 19 2024, 12:12 AM

	Unknown Object (File)
	Oct 2 2024, 9:00 PM

	Unknown Object (File)
	Sep 30 2024, 8:27 AM

	Unknown Object (File)
	Sep 30 2024, 8:21 AM

	Unknown Object (File)
	Sep 30 2024, 6:11 AM

	Unknown Object (File)
	Sep 26 2024, 3:20 AM

Subscribers

Details

Reviewers

ae
jhb

Commits

rG1a56620b7958: ipsec esp: avoid dereferencing freed secasindex

Summary

It is possible that SA was removed while processing packed, in which
case it changed to the DEAD state and it index removed from the tree.
Dereferencing sav->sah then touches freed memory.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kib created this revision.Feb 25 2024, 10:37 AM

Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptFeb 25 2024, 10:37 AM

kib requested review of this revision.Feb 25 2024, 10:37 AM

Probably we should increase esps_notdb or esps_invalid counter here.

This revision is now accepted and ready to land.Feb 26 2024, 7:40 AM

Update counter, add debug printf for the situation.

This revision now requires review to proceed.Feb 26 2024, 10:04 AM

ae accepted this revision.Feb 26 2024, 2:17 PM

This revision is now accepted and ready to land.Feb 26 2024, 2:17 PM

Closed by commit rG1a56620b7958: ipsec esp: avoid dereferencing freed secasindex (authored by kib). · Explain WhyFeb 26 2024, 2:28 PM

This revision was automatically updated to reflect the committed changes.

kib added a commit: rG1a56620b7958: ipsec esp: avoid dereferencing freed secasindex.

Revision Contents
Changeset List

Path

Size

sys/

netipsec/

xform_esp.c

7 lines

Diff 135009

View Options

ipsec esp: avoid dereferencing freed secasindexClosedPublicActions