author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2009-10-28 18:02:01 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2009-10-28 18:02:01 +0000 |
commit | 6888a40feb5e56d47728d957ac0808a3d8aebbd7 (patch) | |
tree | 77422ead487f9f9fddcb639ee16a32cbfcdb97e9 /sys/netinet/ip_output.c | |
parent | 44a03bff38c353e73ecb643bb901b65f92c17539 (diff) |
*NULL store in IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on
userland/kernel shared vm machines (ie. i386, amd64, arm, sparc (but not
sparc64), sh, ...) on OpenBSD 4.3 or older
ok claudio
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r-- | sys/netinet/ip_output.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index b59ffcaaf2d..22e96f50d57 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.195 2009/10/06 21:21:48 claudio Exp $ */ +/* $OpenBSD: ip_output.c,v 1.196 2009/10/28 18:02:00 deraadt Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -1526,6 +1526,7 @@ ip_ctloutput(op, so, level, optname, mp) case IP_ESP_TRANS_LEVEL: case IP_ESP_NETWORK_LEVEL: case IP_IPCOMP_LEVEL: + *mp = m = m_get(M_WAIT, MT_SOOPTS); #ifndef IPSEC m->m_len = sizeof(int); *mtod(m, int *) = IPSEC_LEVEL_NONE; |
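Review bot: In the second hunk (ip_ctloutput, the IP_ESP_TRANS_LEVEL / IP_ESP_NETWORK_LEVEL / IP_IPCOMP_LEVEL cases), the new `*mp = m = m_get(M_WAIT, MT_SOOPTS);` sits above `#ifndef IPSEC`, so it also runs for the IPSEC-enabled branch, which this hunk does not show. Please confirm that branch sets `m->m_len` itself and neither allocates a second mbuf nor reassigns `*mp`, otherwise the mbuf allocated here leaks or is returned with an unset length. The result of m_get() is dereferenced on the following lines (`m->m_len = sizeof(int);`) with no NULL check, which relies on M_WAIT never failing; a one-line comment saying that, and that these cases must allocate the reply mbuf because `m` is not valid on entry, would keep a later change to M_DONTWAIT from reintroducing the NULL store described in the commit message.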