FreeBSD SA-06:11 and CVE-2006-0905: update the replay sequence number

or else the anti-reply technique won't work as expected.
This commit is contained in:
rpaulo 2006-03-23 15:25:46 +00:00
parent 682cc4ce96
commit 51a2954a4d
1 changed files with 19 additions and 2 deletions

View File

@ -1,4 +1,4 @@
/* $NetBSD: xform_esp.c,v 1.7 2005/12/11 12:25:06 christos Exp $ */
/* $NetBSD: xform_esp.c,v 1.8 2006/03/23 15:25:46 rpaulo Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.7 2005/12/11 12:25:06 christos Exp $");
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.8 2006/03/23 15:25:46 rpaulo Exp $");
#include "opt_inet.h"
#ifdef __FreeBSD__
@ -568,6 +568,23 @@ esp_input_cb(struct cryptop *crp)
*/
m->m_flags |= M_DECRYPTED;
/*
* Update replay sequence number, if appropriate.
*/
if (sav->replay) {
u_int32_t seq;
m_copydata(m, skip + offsetof(struct newesp, esp_seq),
sizeof (seq), (caddr_t) &seq);
if (ipsec_updatereplay(ntohl(seq), sav)) {
DPRINTF(("%s: packet replay check for %s\n", __func__,
ipsec_logsastr(sav)));
espstat.esps_replay++;
error = ENOBUFS;
goto bad;
}
}
/* Determine the ESP header length */
if (sav->flags & SADB_X_EXT_OLD)
hlen = sizeof (struct esp) + sav->ivlen;