https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241010
Bug ID: 241010
Summary: key_dup_keymsg bcopy too much bytes
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 208030
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208030&action=edit
fix using src->sadb_key_bits
In the function key_dup_keymsg() of netipsec/key.c, the parameter len is the
length of the SADB extension (either SADB_EXT_KEY_AUTH or SADB_EXT_KEY_ENCRYPT)
not the length of the key. The real length used by the second malloc and the
bcopy should be either (len - sizeof(struct sadb_key)) or (src->sadb_key_bits
>> 3).
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
