Hi, the committed patch for FreeBSD 10.4 and 10.3 does not compile:

/usr/src/sys/netipsec/xform_ah.c:622:43: error: use of undeclared identifier 'buf'
ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
^
/usr/src/sys/netipsec/ipsec.h:323:51: note: expanded from macro 'DPRINTF'
#define DPRINTF(x) do { if (V_ipsec_debug) printf x; } while (0)
^
/usr/src/sys/netipsec/xform_ah.c:625:3: error: use of undeclared identifier 'error'
error = EACCES;
^
/usr/src/sys/netipsec/xform_ah.c:626:8: error: use of undeclared label 'bad'
goto bad;
^
3 errors generated.
*** Error code 1

Looking at the code, the compiler is right - things have shifted here in between FreeBSD 10 and 11, and what's working in 11 is not good for 10...

I guess we need this additional patch:

--- sys/netipsec/xform_ah.c.orig 2018-03-07 12:27:58.645874000 +0100 +++ sys/netipsec/xform_ah.c 2018-03-07 12:28:47.584073000 +0100 @@ -619,11 +619,10 @@ DPRINTF(("%s: bad mbuf length %u (expecting %lu)" " for packet in SA %s/%08lx\n", __func__, m->m_pkthdr.len, (u_long) (skip + authsize + rplen), - ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), + ipsec_address(&sav->sah->saidx.dst), (u_long) ntohl(sav->spi))); AHSTAT_INC(ahs_badauthl); - error = EACCES; - goto bad; + return EACCES; } AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);

But you'd better re-check, I don't know the code here - I'm just making stuff compile :)

Further, neither this (SA-18:01) nor SA-18:02's nor the Errata Note's (EN-18:01, EN-18:02) do show up in the given location: https://www.freebsd.org/security/patches/SA-18%3A01/ (and the other directories) only have the GPG signatures, but not the patches themselves.

Regards,
Christoph

--
Spare Space
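
Review bot: The new `return EACCES;` at the end of the bad-mbuf-length branch exits the function directly, where the removed `error = EACCES; goto bad;` went through a common exit path. If the other early error returns in the 10.x version of this function release the packet with m_freem(m) before returning, this branch needs the same call ahead of the return; otherwise each packet rejected by this length check keeps its mbuf chain allocated. The one-argument ipsec_address(&sav->sah->saidx.dst) call should also be confirmed against the 10.x prototype, since the format string still expects a %s argument from it.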