(usagi-users 00869) Re: IPSEC: problem add/delete policy from SPD



On Fri, 12 Oct 2001 17:46:20 CDT, latten@xxxxxxxxxxxxxx  said:

> >--- spd.h       Tue Oct  9 11:39:11 2001
> >+++ spd.h.array Tue Oct  9 19:19:38 2001
> >@@ -72,7 +72,7 @@
> >        rwlock_t lock;  
> >        atomic_t count;
> >        struct selector selector;
> >-       struct list_head sa_index_list;
> >+       struct sa_index *sa_index_list[3];
> > };
> >
> >#define IPSEC_SP_AH   0
> >#define IPSEC_SP_ESP  1
> >#define IPSEC_SP_COMP 2
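
Review bot: the size in `struct sa_index *sa_index_list[3];` is a bare literal, and nothing in this hunk ties it to the IPSEC_SP_AH, IPSEC_SP_ESP and IPSEC_SP_COMP values (0..2) defined just below the struct, which appear to be the intended indices. Consider defining a count constant next to those three defines (a name such as IPSEC_SP_MAX is only a suggestion), using it for the array declaration, and checking any index against it before dereferencing an entry. Replacing the `struct list_head` with raw pointers also means a slot can be NULL, so a comment on the member stating that it is indexed by IPSEC_SP_* and whether entries may be NULL would help callers.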

I haven't checked the source tree.  Does it in fact do a
bounds check to make sure that sa_index_list[i] isn't dereferenced
unless i is in the range 0..2?  Would make for a fast easy DOS
attack otherwise... ;)

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
