From eac971545baa3857903e0107439f00d8438c5847 Mon Sep 17 00:00:00 2001 From: Konstantin Belousov Date: Tue, 17 Jan 2023 03:37:45 +0200 Subject: if_ipsec(4): protect against user supplying unknown address family Reviewed by: ae, hselasky Sponsored by: NVIDIA Networking MFC after: 1 week Differential revision: https://reviews.freebsd.org/D38093 --- sys/net/if_ipsec.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/sys/net/if_ipsec.c b/sys/net/if_ipsec.c index b170ac177a64..3952b5edb681 100644 --- a/sys/net/if_ipsec.c +++ b/sys/net/if_ipsec.c @@ -813,13 +813,17 @@ ipsec_srcaddr(void *arg __unused, const struct sockaddr *sa, { struct ipsec_softc *sc; struct secasindex *saidx; + struct ipsec_iflist *iflist; /* Check that VNET is ready */ if (V_ipsec_idhtbl == NULL) return; NET_EPOCH_ASSERT(); - CK_LIST_FOREACH(sc, ipsec_srchash(sa), srchash) { + iflist = ipsec_srchash(sa); + if (iflist == NULL) + return; + CK_LIST_FOREACH(sc, iflist, srchash) { if (sc->family == 0) continue; saidx = ipsec_getsaidx(sc, IPSEC_DIR_OUTBOUND, sa->sa_family); @@ -1015,12 +1019,18 @@ ipsec_set_tunnel(struct ipsec_softc *sc, struct sockaddr *src, struct sockaddr *dst, uint32_t reqid) { struct epoch_tracker et; + struct ipsec_iflist *iflist; struct secpolicy *sp[IPSEC_SPCOUNT]; int i; sx_assert(&ipsec_ioctl_sx, SA_XLOCKED); /* Allocate SP with new addresses. */ + iflist = ipsec_srchash(src); + if (iflist == NULL) { + sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING; + return (EAFNOSUPPORT); + } if (ipsec_newpolicies(sc, sp, src, dst, reqid) == 0) { /* Add new policies to SPDB */ if (key_register_ifnet(sp, IPSEC_SPCOUNT) != 0) { @@ -1033,7 +1043,7 @@ ipsec_set_tunnel(struct ipsec_softc *sc, struct sockaddr *src, for (i = 0; i < IPSEC_SPCOUNT; i++) sc->sp[i] = sp[i]; sc->family = src->sa_family; - CK_LIST_INSERT_HEAD(ipsec_srchash(src), sc, srchash); + CK_LIST_INSERT_HEAD(iflist, sc, srchash); } else { sc->ifp->if_drv_flags &= ~IFF_DRV_RUNNING; return (ENOMEM); -- cgit v1.2.3