| #
341258 |
|
29-Nov-2018 |
emaste |
MFC r340260: Avoid buffer underwrite in icmp_error
icmp_error allocates either an mbuf (with pkthdr) or a cluster depending
on the size of data to be quoted in the ICMP reply, but the calculation
failed to account for the additional padding that m_align may apply.
Include the ip header in the size passed to m_align. On 64-bit archs
this will have the net effect of moving everything 4 bytes later in the
mbuf or cluster. This will result in slightly pessimal alignment for
the ICMP data copy.
Also add an assertion that we do not move m_data before the beginning of
the mbuf or cluster.
Reported by: A reddit user
Security: CVE-2018-17156
Sponsored by: The FreeBSD Foundation
|
| #
340672 |
|
20-Nov-2018 |
eugen |
Unbreak build after r340671. This is direct commit to stable/10.
|
| #
340671 |
|
20-Nov-2018 |
eugen |
MFC r339558: New sysctl: net.inet.icmp.error_keeptags
Currently, icmp_error() function copies FIB number from original packet
into generated ICMP response but not mbuf_tags(9) chain.
This prevents us from easily matching ICMP responses corresponding
to tagged original packets by means of packet filter such as ipfw(8).
For example, ICMP "time-exceeded in-transit" packets usually generated
in response to traceroute probes lose tags attached to original packets.
This change adds new sysctl net.inet.icmp.error_keeptags
that defaults to 0 to avoid extra overhead when this feature not needed.
Set net.inet.icmp.error_keeptags=1 to make icmp_error() copy mbuf_tags
from original packet to generated ICMP response.
PR: 215874
|
| #
283901 |
|
02-Jun-2015 |
ae |
MFC r275392:
Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
| #
281609 |
|
16-Apr-2015 |
markj |
MFC r272378:
Add net.inet.icmp.tstamprepl.
PR: 193689
|
| #
264221 |
|
07-Apr-2014 |
ae |
MFC r263966:
Don't copy the MF flag from original IP header to ICMP error message.
PR: 188092
Sponsored by: Yandex LLC
|
| #
283901 |
|
02-Jun-2015 |
ae |
MFC r275392:
Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
| #
281609 |
|
16-Apr-2015 |
markj |
MFC r272378:
Add net.inet.icmp.tstamprepl.
PR: 193689
|
| #
264221 |
|
07-Apr-2014 |
ae |
MFC r263966:
Don't copy the MF flag from original IP header to ICMP error message.
PR: 188092
Sponsored by: Yandex LLC
|