FreeBSD SA-06:11 and CVE-2006-0905: update the replay sequence number
or else the anti-reply technique won't work as expected.
This commit is contained in:
parent
682cc4ce96
commit
51a2954a4d
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: xform_esp.c,v 1.7 2005/12/11 12:25:06 christos Exp $ */
|
||||
/* $NetBSD: xform_esp.c,v 1.8 2006/03/23 15:25:46 rpaulo Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
|
||||
|
||||
|
@ -39,7 +39,7 @@
|
|||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.7 2005/12/11 12:25:06 christos Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.8 2006/03/23 15:25:46 rpaulo Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
#ifdef __FreeBSD__
|
||||
|
@ -568,6 +568,23 @@ esp_input_cb(struct cryptop *crp)
|
|||
*/
|
||||
m->m_flags |= M_DECRYPTED;
|
||||
|
||||
/*
|
||||
* Update replay sequence number, if appropriate.
|
||||
*/
|
||||
if (sav->replay) {
|
||||
u_int32_t seq;
|
||||
|
||||
m_copydata(m, skip + offsetof(struct newesp, esp_seq),
|
||||
sizeof (seq), (caddr_t) &seq);
|
||||
if (ipsec_updatereplay(ntohl(seq), sav)) {
|
||||
DPRINTF(("%s: packet replay check for %s\n", __func__,
|
||||
ipsec_logsastr(sav)));
|
||||
espstat.esps_replay++;
|
||||
error = ENOBUFS;
|
||||
goto bad;
|
||||
}
|
||||
}
|
||||
|
||||
/* Determine the ESP header length */
|
||||
if (sav->flags & SADB_X_EXT_OLD)
|
||||
hlen = sizeof (struct esp) + sav->ivlen;
|
||||
|
|
Loading…
Reference in New Issue