[Bug 241010] key_dup_keymsg bcopy too much bytes
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Oct 2 13:27:38 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010
Bug ID: 241010
Summary: key_dup_keymsg bcopy too much bytes
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: jean-francois.hren at stormshield.eu
Created attachment 208030
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208030&action=edit
fix using src->sadb_key_bits
In the function key_dup_keymsg() of netipsec/key.c, the parameter len is the
length of the SADB extension (either SADB_EXT_KEY_AUTH or SADB_EXT_KEY_ENCRYPT)
not the length of the key. The real length used by the second malloc and the
bcopy should be either (len - sizeof(struct sadb_key)) or (src->sadb_key_bits
>> 3).
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list