mirror of
https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo.git
synced 2026-05-16 10:50:09 +00:00
ipv6: add esp6 dual
Same bug in esp6_input not covered by f4c50a4034. PoC in ipv6/. ESP packet padded to >= 40 bytes for the v6-only size gate.
This commit is contained in:
0xdeadbeefnetwork
parent
d5ab58e091
commit
740f60f226
3 changed files with 342 additions and 0 deletions
|
|
@ -40,6 +40,13 @@ path.
|
|||
*MSG_SPLICE_PAGES UDP support was added in 6.5, so 5.15 is below the
|
||||
bug's reach.
|
||||
|
||||
## IPv6
|
||||
|
||||
Same bug exists in `esp6_input` and is not covered by the v4 fix
|
||||
`f4c50a4034`. PoC in `ipv6/`: `ipv6/run.sh` and `ipv6/copyfail2v6.c`.
|
||||
Uses `::1` loopback and `ip -6 xfrm`. ESP packet padded to >= 40 bytes
|
||||
to clear the `xfrm6_input.c:124` size gate.
|
||||
|
||||
## Credits
|
||||
|
||||
Hyunwoo Kim (imv4bel) and Kuan-Ting Chen reported, tested,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue