Author: gordon
Date: Tue Jan 28 18:56:46 2020
New Revision: 357218
URL: https://svnweb.freebsd.org/changeset/base/357218
Log:
Fix missing IPsec anti-replay window check
Reported by: Jean-Francois HREN
Approved by: so
Security: FreeBSD-SA-20:02.ipsec
Security: CVE-2019-5613
Modified:
releng/12.0/sys/netipsec/ipsec.c
Modified: releng/12.0/sys/netipsec/ipsec.c
==============================================================================
--- releng/12.0/sys/netipsec/ipsec.c Tue Jan 28 18:55:25 2020
(r357217)
+++ releng/12.0/sys/netipsec/ipsec.c Tue Jan 28 18:56:46 2020
(r357218)
@@ -1318,6 +1318,8 @@ ok:
__func__, replay->overflow,
ipsec_sa2str(sav, buf, sizeof(buf))));
}
+
+ replay->count++;
return (0);
}
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
