IPsecv6 integrity failures not dropped

From: latten@austin.ibm.com
Date: Fri Apr 18 2003 - 15:17:04 EST


I am running IPSecv6 on 2.5.67 with patch-2.5.67-bk8.

If AH authentication or ESP encryption integrity check for an
incoming packet fails, result is an ICMPv6 Parameter problem
of Unknown-Next-Header, instead of just dropping packet. This
is because xfrm6_rcv() expects an unsigned-8-bit return value
from the input handler, i.e. ah6_input() or esp6_input(). But handler
returns a signed int (-EINVAL) that seems to be getting converted into
a "u8" via 2's complement, because ah6_input() says it is returning
-EINVAL/-22, but xfrm6_rcv() says it got a return value of 234,
which it believes to be valid and passes to ip6_input() who thinks it is
the next header.

I modified ah6_input() and esp6_input() to return zero instead of -EINVAL
in the fix below. I tested it and it works.

Please let me know if this is ok.

Joy
-------------------------------------------------------------------------

--- ah6.c.orig 2003-04-17 16:04:07.000000000 -0500
+++ ah6.c 2003-04-18 14:15:37.000000000 -0500
@@ -212,7 +212,7 @@
 free_out:
         kfree(tmp_hdr);
 out:
- return -EINVAL;
+ return 0;
 }
 
 void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
--- esp6.c.orig 2003-04-17 17:07:25.000000000 -0500
+++ esp6.c 2003-04-17 17:08:17.000000000 -0500
@@ -346,7 +346,7 @@
         return ret_nexthdr;
 
 out:
- return -EINVAL;
+ return 0;
 }
 
 static u32 esp6_get_max_size(struct xfrm_state *x, int mtu)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:25 EST