kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can
not coexist
zhouyi zhou
zhouyi04 at ios.cn
Tue Mar 28 01:00:45 UTC 2006
The following reply was made to PR kern/94599; it has been noted by GNATS.
From: zhouyi zhou <zhouyi04 at ios.cn>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: kern/94599: [mac] MAC (Mandatory Access Control) and IPSEC can
not coexist
Date: Tue, 28 Mar 2006 08:51:13 +0800
I finally find reason why.
there exists a serious bug in function ipsec_copypkt(m)
of netinet6/ipsec.c in FreeBSD 5.4, FreeBSD 6.0 and FreeBSD 7.0
3469 MGETHDR(mnew, M_DONTWAIT, MT_HEADER);
3470 if (mnew == NULL)
3471 goto fail;
3472 mnew->m_pkthdr = n->m_pkthdr;
3473 #if 0
3474 /* XXX: convert to m_tag or delete? */
3475 if (n->m_pkthdr.aux) {
3476 mnew->m_pkthdr.aux =
3477 m_copym(n->m_pkthdr.aux,
3478 0, M_COPYALL, M_DONTWAIT);
3479 }
3480 #endif
3481 M_MOVE_PKTHDR(mnew, n);
On line 3472, mnew->m_pkthdr is assigned n->m_pkthdr, and
on line 3481, in function m_move_pkthdr, mnew's tag list will be delete (and the n's tag
of cause). This will cause system to crash.
After commenting out line 3472, everything is OK.
Sincerely yours
Zhouyi Zhou
Institute of Software
Chinese Academy of Sciences
More information about the freebsd-bugs
mailing list