korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 00:04:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
3f0ab59e65
linux/net/xfrm
History
Sabrina Dubroca 3f0ab59e65 xfrm: validate new SA's prefixlen using SA family when sel.family is unset 
This expands the validation introduced in commit 07bf790895 ("xfrm:
Validate address prefix lengths in the xfrm selector.")

syzbot created an SA with
    usersa.sel.family = AF_UNSPEC
    usersa.sel.prefixlen_s = 128
    usersa.family = AF_INET

Because of the AF_UNSPEC selector, verify_newsa_info doesn't put
limits on prefixlen_{s,d}. But then copy_from_user_state sets
x->sel.family to usersa.family (AF_INET). Do the same conversion in
verify_newsa_info before validating prefixlen_{s,d}, since that's how
prefixlen is going to be used later on.

Reported-by: syzbot+cc39f136925517aed571@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2024-10-07 09:09:08 +02:00
..
espintcp.c net: move netdev_max_backlog to net_hotdata 2024-03-07 21:12:42 -08:00
Kconfig ipsec: Select CRYPTO_AEAD 2023-10-01 16:28:14 +08:00
Makefile xfrm: support sending NAT keepalives in ESP in UDP states 2024-06-26 13:22:42 +02:00
xfrm_algo.c net: fill in MODULE_DESCRIPTION()s for xfrm 2024-02-09 14:12:01 -08:00
xfrm_compat.c xfrm: support sending NAT keepalives in ESP in UDP states 2024-06-26 13:22:42 +02:00
xfrm_device.c xfrm: extract dst lookup parameters into a struct 2024-09-23 07:02:07 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-07-15 13:19:17 -07:00
xfrm_interface_bpf.c bpf: treewide: Annotate BPF kfuncs in BTF 2024-01-31 20:40:56 -08:00
xfrm_interface_core.c netdev_features: convert NETIF_F_LLTX to dev->lltx 2024-09-03 11:36:43 +02:00
xfrm_ipcomp.c net: introduce and use skb_frag_fill_page_desc() 2023-05-13 19:47:56 +01:00
xfrm_nat_keepalive.c xfrm: support sending NAT keepalives in ESP in UDP states 2024-06-26 13:22:42 +02:00
xfrm_output.c Revert "xfrm: add SA information to the offloaded packet" 2024-09-09 11:43:39 +02:00
xfrm_policy.c xfrm: policy: remove last remnants of pernet inexact list 2024-09-24 09:58:16 +02:00
xfrm_proc.c xfrm: Add dir validation to "in" data path lookup 2024-05-01 10:06:27 +02:00
xfrm_replay.c xfrm: Add Direction to the SA in or out 2024-05-01 10:05:11 +02:00
xfrm_state_bpf.c bpf: treewide: Annotate BPF kfuncs in BTF 2024-01-31 20:40:56 -08:00
xfrm_state.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-07-15 13:19:17 -07:00
xfrm_sysctl.c net: Remove ctl_table sentinel elements from several networking subsystems 2024-05-03 13:29:42 +01:00
xfrm_user.c xfrm: validate new SA's prefixlen using SA family when sel.family is unset 2024-10-07 09:09:08 +02:00