authorYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2024-07-26 15:45:32 +0000
committerYASUOKA Masahiko <yasuoka@cvs.openbsd.org>2024-07-26 15:45:32 +0000
commit41297f7385e65db13da17e3d9b15138d6d517ad5 (patch)
treee11f4db48478f06a93d98bc2d8ede36489b05050 /sys/net
parent927d21cb257d8edcdd42498c567aee5b8c085ed6 (diff)
In pipex_l2tp_input(), check if ipsecflowinfo is not changed instead
of updating it blindly. ok mvs
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pipex.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index ba3038ed07b..c1bb5a86bcf 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pipex.c,v 1.154 2024/06/07 13:43:21 jsg Exp $ */
+/* $OpenBSD: pipex.c,v 1.155 2024/07/26 15:45:31 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -2031,7 +2031,13 @@ pipex_l2tp_input(struct mbuf *m0, int off0, struct pipex_session *session,
mtx_enter(&session->pxs_mtx);
l2tp_session = &session->proto.l2tp;
- l2tp_session->ipsecflowinfo = ipsecflowinfo;
+ if (l2tp_session->ipsecflowinfo != ipsecflowinfo) {
+ pipex_session_log(session, LOG_DEBUG,
+ "received message is %s",
+ (ipsecflowinfo != 0)? "from invalid ipsec flow" :
+ "without ipsec");
+ goto drop;
+ }
m_copydata(m0, off0, sizeof(flags), &flags);
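Review bot: With the assignment removed, nothing in this hunk writes `l2tp_session->ipsecflowinfo` any more, so the new comparison only works if that value is bound to the session somewhere else before the first data packet arrives; otherwise every IPsec-protected packet would take `goto drop`. That setter and the `drop` label are both outside the hunk, so it is worth confirming the binding path and that `drop` releases `pxs_mtx`, which is held at the jump. A short comment above the check would record the intent, for example `/* drop packets that did not arrive on the IPsec flow bound to this session */`. The mismatch is logged only at `LOG_DEBUG` and once per packet; a rate-limited message at a higher level would make rejected traffic visible to operators without letting a sender flood the log.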