amd64/177417: Invalid protocol value in ipsec6_common_input_cb

David Gueluy david.gueluy at netasq.com
Wed Mar 27 16:50:01 UTC 2013


>Number:         177417
>Category:       amd64
>Synopsis:       Invalid protocol value in ipsec6_common_input_cb
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-amd64
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 27 16:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     David Gueluy
>Release:        8.3
>Organization:
Netasq
>Environment:
FreeBSD 8.3-RELEASE-p6
>Description:
I use an IPv6 IPSEC tunnel and observe that in ipsec6_common_input_cb (ip6_input.c), the protocol value is invalid.

The problem is that the "prot" variable is not initialized.
It's an integer and just 1 single byte is copied from the mbuf into this variable.

The prot value will never match IPPROTO_IPIP or IPPROTO_IPV6.

static int
ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip, int protoff,
    struct m_tag *mt)
{
        int prot, af, sproto;

        ip6 = mtod(m, struct ip6_hdr *);
        ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr));

        /* Save protocol */
        m_copydata(m, protoff, 1, (unsigned char *) &prot);

--> prot = wrong value



>How-To-Repeat:
Mount an IPv6 IPSEC tunnel and check the value
>Fix:
int prot = 0;


>Release-Note:
>Audit-Trail:
>Unformatted:
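
Added example (not part of the original report or of the FreeBSD source): a user-space C reproduction of the pattern described above, with memcpy standing in for m_copydata and a "stale" argument simulating leftover stack contents. The packet buffer, offset and function names are constructed for illustration; it also shows a byte-sized temporary as an alternative, because zero-initializing the int only yields the right value on little-endian machines.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IANA protocol numbers; local names so no system header is needed. */
#define PROTO_IPIP 4
#define PROTO_IPV6 41

/* Constructed sample standing in for the mbuf: first 8 bytes of an IPv6
 * header, whose next-header field sits at offset 6. */
#define SAMPLE_PROTOFF 6
static const unsigned char sample_pkt[8] = { 0x60, 0, 0, 0, 0, 0, PROTO_IPV6, 64 };

/* Pattern from the report: one byte copied into an int. Reading a truly
 * uninitialized int is undefined behaviour, so 'stale' makes the previous
 * contents of the stack slot explicit (assumption for the demo). */
static int read_into_int(const unsigned char *pkt, int protoff, int stale)
{
    int prot = stale;
    memcpy(&prot, pkt + protoff, 1);   /* stands in for m_copydata(m, protoff, 1, ...) */
    return prot;                       /* the other three bytes are still 'stale' */
}

/* Alternative: copy into a byte-sized temporary, then widen. Every bit of
 * the result is defined, regardless of byte order. */
static int read_via_u8(const unsigned char *pkt, int protoff)
{
    uint8_t nxt;
    memcpy(&nxt, pkt + protoff, sizeof(nxt));
    return nxt;
}

/* The comparison the report says can never succeed. */
static int is_tunnel_proto(int prot)
{
    return prot == PROTO_IPIP || prot == PROTO_IPV6;
}

int main(void)
{
    int bad  = read_into_int(sample_pkt, SAMPLE_PROTOFF, 0x5a5a5a5a);
    int zero = read_into_int(sample_pkt, SAMPLE_PROTOFF, 0);
    int u8   = read_via_u8(sample_pkt, SAMPLE_PROTOFF);
    printf("stale int: 0x%08x match=%d\n", (unsigned)bad, is_tunnel_proto(bad));
    printf("zeroed int: 0x%08x match=%d\n", (unsigned)zero, is_tunnel_proto(zero));
    printf("uint8_t:    0x%08x match=%d\n", (unsigned)u8, is_tunnel_proto(u8));
    return 0;
}
```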

