[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Andrey V. Elsukov changed: What|Removed |Added Status|Open|Closed Resolution|---

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 --- Comment #9 from commit-h...@freebsd.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=1219a3f40db386aaa10edfea27d9cc73fdea3935 commit 1219a3f40db386aaa10edfea27d9cc73fdea3935 Author:

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 --- Comment #8 from commit-h...@freebsd.org --- A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=72e2ebf642125efb74479fd038f45f49a3e846e4 commit 72e2ebf642125efb74479fd038f45f49a3e846e4 Author:

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 --- Comment #7 from commit-h...@freebsd.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=04207850a9b988d3c04e904cb5783f33da7fe184 commit 04207850a9b988d3c04e904cb5783f33da7fe184 Author:

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Konstantin Belousov changed: What|Removed |Added CC||k...@freebsd.org --- Comment

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Mark Linimon changed: What|Removed |Added Attachment #208061|0 |1 is obsolete|

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Kubilay Kocak changed: What|Removed |Added Keywords|needs-patch | Flags|maintainer-fee

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Jean-François Hren changed: What|Removed |Added Attachment #208030|0 |1 is obsolete|

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 --- Comment #3 from Jean-François Hren --- (In reply to Andrey V. Elsukov from comment #2) A check on sadb_key_bits can be done to ensure we are not going out-of-bound. Breaking current installations should not be an issue since this length

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Kubilay Kocak changed: What|Removed |Added Keywords|patch |needs-patch, needs-qa

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 --- Comment #2 from Andrey V. Elsukov --- In general your approach looks correct, but I think you need to validate that bits field will not lead to out of the bounds access before trusting user's data and doing bcopy. Also, since this field

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Eugene Grosbein changed: What|Removed |Added Status|New |Open --- Comment #1 from Eugene

[Bug 241010] netipsec: key_dup_keymsg bcopy too much bytes

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010 Mark Linimon changed: What|Removed |Added Assignee|b...@freebsd.org|n...@freebsd.org Keywords