git: eac971545baa - main - if_ipsec(4): protect against user supplying unknown address family

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Wed, 18 Jan 2023 21:19:02 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=eac971545baa3857903e0107439f00d8438c5847

commit eac971545baa3857903e0107439f00d8438c5847
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-01-17 01:37:45 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-01-18 21:18:39 +0000

    if_ipsec(4): protect against user supplying unknown address family
    
    Reviewed by:    ae, hselasky
    Sponsored by:   NVIDIA Networking
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D38093
---
 sys/net/if_ipsec.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c
index b170ac177a64..3952b5edb681 100644
--- a/sys/net/if_ipsec.c
+++ b/sys/net/if_ipsec.c
@@ -813,13 +813,17 @@ ipsec_srcaddr(void *arg __unused, const struct sockaddr *sa,
 {
 	struct ipsec_softc *sc;
 	struct secasindex *saidx;
+	struct ipsec_iflist *iflist;
 
 	/* Check that VNET is ready */
 	if (V_ipsec_idhtbl == NULL)
 		return;
 
 	NET_EPOCH_ASSERT();
-	CK_LIST_FOREACH(sc, ipsec_srchash(sa), srchash) {
+	iflist = ipsec_srchash(sa);
+	if (iflist == NULL)
+		return;
+	CK_LIST_FOREACH(sc, iflist, srchash) {
 		if (sc->family == 0)
 			continue;
 		saidx = ipsec_getsaidx(sc, IPSEC_DIR_OUTBOUND, sa->sa_family);
@@ -1015,12 +1019,18 @@ ipsec_set_tunnel(struct ipsec_softc *sc, struct sockaddr *src,
     struct sockaddr *dst, uint32_t reqid)
 {
 	struct epoch_tracker et;
+	struct ipsec_iflist *iflist;
 	struct secpolicy *sp[IPSEC_SPCOUNT];
 	int i;
 
 	sx_assert(&ipsec_ioctl_sx, SA_XLOCKED);
 
 	/* Allocate SP with new addresses. */
+	iflist = ipsec_srchash(src);
+	if (iflist == NULL) {
+		sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
+		return (EAFNOSUPPORT);
+	}
 	if (ipsec_newpolicies(sc, sp, src, dst, reqid) == 0) {
 		/* Add new policies to SPDB */
 		if (key_register_ifnet(sp, IPSEC_SPCOUNT) != 0) {
@@ -1033,7 +1043,7 @@ ipsec_set_tunnel(struct ipsec_softc *sc, struct sockaddr *src,
 		for (i = 0; i < IPSEC_SPCOUNT; i++)
 			sc->sp[i] = sp[i];
 		sc->family = src->sa_family;
-		CK_LIST_INSERT_HEAD(ipsec_srchash(src), sc, srchash);
+		CK_LIST_INSERT_HEAD(iflist, sc, srchash);
 	} else {
 		sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
 		return (ENOMEM);