Bad ESP/AH packets could cause a kernel crash under certain conditions.
Apply by doing:
cd /usr/src
patch -p0 < 024_ipsec.patch
And then rebuild your kernel.
Index: sys/netinet/ipsec_input.c
===================================================================
RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.23
diff -u -r1.23 ipsec_input.c
--- sys/netinet/ipsec_input.c 2000/03/29 10:15:22 1.23
+++ sys/netinet/ipsec_input.c 2000/09/18 16:39:30
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.23 2000/03/29 10:15:22 angelos Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.31 2000/09/17 19:52:24 angelos Exp $ */
/*
* The authors of this code are John Ioannidis (
[email protected]),
@@ -130,6 +130,13 @@
return EOPNOTSUPP;
}
+ if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t))
+ {
+ m_freem(m);
+ IPSEC_ISTAT(espstat.esps_hdrops, ahstat.ahs_hdrops);
+ return EINVAL;
+ }
+
/* Retrieve the SPI from the relevant IPsec header */
if (sproto == IPPROTO_ESP)
m_copydata(m, skip, sizeof(u_int32_t), (caddr_t) &spi);
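Review bot: The added guard `if (m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t))` compares a subtraction against an unsigned `sizeof` value. If `m_pkthdr.len` and `skip` are signed ints (their declarations are outside the hunk), a `skip` larger than the packet length gives a negative difference that converts to a very large unsigned number and passes the check. Writing it as `if (m->m_pkthdr.len < skip || m->m_pkthdr.len - skip < 2 * sizeof(u_int32_t))` closes that case. A one-line comment such as `/* need the first two 32-bit words of the ESP/AH header to read the SPI */` would explain the 8-byte minimum; the AH branch that presumably reads the second word is not visible here. The enclosing function starts and ends outside the hunk.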
@@ -287,6 +294,7 @@
ip = mtod(m, struct ip *);
ip->ip_len = htons(m->m_pkthdr.len);
HTONS(ip->ip_id);
+ HTONS(ip->ip_off);
ip->ip_sum = 0;
ip->ip_sum = in_cksum(m, ip->ip_hl << 2);
prot = ip->ip_p;
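Review bot: The in-place swaps `HTONS(ip->ip_id);` and the added `HTONS(ip->ip_off);` have no comment saying why these fields are in host order at this point. That is the fact that makes the new line correct, and a later reader needs it to avoid removing or duplicating the swap. I would add above the block `/* ip_id and ip_off are in host order here; restore network order before recomputing ip_sum */`, adjusted to name whichever earlier code does the conversion, since that code is outside the hunk. Because HTONS modifies the field in place, the comment should also state that this path must run exactly once per header. The enclosing function starts and ends outside the hunk.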