netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Henrik Petander <lpetande@tml.hut.fi>
To: netdev@oss.sgi.com
Subject: Bug in ipv6 ipsec  in handling of packets with extension headers
Date: Thu, 05 Jun 2003 15:25:14 +0300	[thread overview]
Message-ID: <3EDF36AA.9020403@tml.hut.fi> (raw)

Hi,

There's a bug in get_offset function of ah6 and esp6. The function 
returns also a pointer, prev_hdr, pointing to the last extension header 
before the IPSec headers. This pointer points to the skb. The ipsec 
headers go between the payload and the extension header, making the 
pointer invalid. However, after this the pointer is used for setting the 
next header field of the extension header to IPPROTO_ESP or IPPROTO_AH. 
This corrupts the packet, if any extension headers are present.

An easy way to test this is to send a data packet with routing header 
protected by IPSec.

A possible fix is to change the pointer into an offset from the start of 
the packet and use the offset later to set the nexthdr value in the 
extension header.

Thanks,

Henrik

             reply	other threads:[~2003-06-05 12:25 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-06-05 12:25 Henrik Petander [this message]
2003-06-05 12:17 ` Bug in ipv6 ipsec in handling of packets with extension headers David S. Miller
2003-06-05 12:59   ` Henrik Petander
2003-06-05 16:54     ` Mitsuru KANDA / 神田 充
2003-06-06 18:17     ` [PATCH] fix esp6 extension headers handling Mitsuru KANDA / 神田 充
2003-06-07  9:22       ` David S. Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3EDF36AA.9020403@tml.hut.fi \
    --to=lpetande@tml.hut.fi \
    --cc=netdev@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).