Message-Id: <200405212206.i4LM6ut0076906@www.freebsd.org>
Date: Fri, 21 May 2004 15:06:56 -0700 (PDT)
From: Zhenmin <zli4@cs.uiuc.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: A potential bug detected in /sys/netipsec/key.c
X-Send-Pr-Version: www-2.3

>Number:         67013
>Category:       kern
>Synopsis:       A potential bug detected in /sys/netipsec/key.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 21 15:10:23 PDT 2004
>Closed-Date:    Sat Apr 09 06:32:27 GMT 2005
>Last-Modified:  Sat Apr 09 06:32:27 GMT 2005
>Originator:     Zhenmin
>Release:        5.2.1
>Organization:
OPERA Research Group, UIUC
>Environment:
>Description:
The potential bug is detected by our analysis tool in file 
/sys/netipsec/key.c:3849

3849                 if (spidx0->src.sin6.sin6_scope_id &&
3850                     spidx1->src.sin6.sin6_scope_id &&
3851                     spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
3852                         return 0;
3853                 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
3854                     &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
3855                         return 0;

>How-To-Repeat:
The potential bug is detected by our own analysis tool.
>Fix:
--- ./bsd-5.2.1/sys/netipsec/key.c      2003-09-29 17:57:43.000000000 -0500
+++ ./bsd-5.2.1/sys/netipsec/key.c.fixed      2004-05-21 17:01:05.000000000 -0500
@@ -3846,8 +3846,8 @@
                 * scope_id check. if sin6_scope_id is 0, we regard it
                 * as a wildcard scope, which matches any scope zone ID.
                 */
-               if (spidx0->src.sin6.sin6_scope_id &&
-                   spidx1->src.sin6.sin6_scope_id &&
+               if (spidx0->dst.sin6.sin6_scope_id &&
+                   spidx1->dst.sin6.sin6_scope_id &&
                    spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
                        return 0;
                if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
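
Review bot: The `---` and `+++` header lines name different files (`key.c` and `key.c.fixed`); use the same path on both so the target of the patch is unambiguous. In the changed condition, the two wildcard tests now read `dst.sin6.sin6_scope_id`, the same field the third line compares, which is what the comment about a zero scope id acting as a wildcard calls for. The commit log should record both effects of the removed lines: a zero source scope id in either index skipped the destination scope comparison entirely, and a zero (wildcard) destination scope id was still rejected whenever both source scope ids were set and the destination ids differed.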

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: bms 
State-Changed-When: Tue Jun 22 16:47:01 GMT 2004 
State-Changed-Why:  
Looks like a cut-n-pasto, awaiting further feedback from sam 
before committing. 


Responsible-Changed-From-To: freebsd-bugs->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Tue Jun 22 16:47:01 GMT 2004 
Responsible-Changed-Why:  
I'll take this 

http://www.freebsd.org/cgi/query-pr.cgi?pr=67013 
State-Changed-From-To: analyzed->patched 
State-Changed-By: bms 
State-Changed-When: Tue Jun 22 17:13:41 GMT 2004 
State-Changed-Why:  
Committed to -CURRENT, thanks! 


From: Matteo Riondato <rionda@gufi.org>
To: Gnats PR Database <freebsd-gnats-submit@freebsd.org>
Cc: bms@freebsd.org
Subject: Re: kern/67013 A potential bug detected in /sys/netipsec/key.c
Date: Fri, 8 Apr 2005 11:03:41 +0200

 This was fixed and MFCed on Jun 22 2004, so this PR can be closed.
 Thanks
 Best Regards
 --
 Rionda aka Matteo Riondato
 Disinformato per default
 G.U.F.I. Staff Member (http://www.gufi.org)
 FreeSBIE Developer (http://www.freesbie.org)
 
State-Changed-From-To: patched->closed 
State-Changed-By: bms 
State-Changed-When: Sat Apr 9 06:32:11 GMT 2005 
State-Changed-Why:  
MFC'd 

>Unformatted:
