[Bug 258849] IPSec may generate duplicate SPIs

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 258849] IPSec may generate duplicate SPIs"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 258849] IPSec may generate duplicate SPIs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 01 Oct 2021 22:29:31 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258849

            Bug ID: 258849
           Summary: IPSec may generate duplicate SPIs
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: Herbie.Robinson@stratus.com

In key_do_getnewspi in key.c:

                /* when requesting to allocate spi ranged */
                while (count--) {
                        /* generate pseudo-random SPI value ranged. */
                        newspi = min + (key_random() % (max - min + 1));
                        if (!key_checkspidup(htonl(newspi)))
                                break;
                }

                if (count == 0 || newspi == 0) {
                        ipseclog((LOG_DEBUG,
                            "%s: failed to allocate SPI.\n", __func__));
                        return 0;
                }

If I am not mistaken, the loop exit in the failure case will leave "count" at
-1 (it's post-decrement), not zero.

-- 
You are receiving this mail because:
You are the assignee for the bug.