korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-16 00:34:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
864f5af3a3
linux/net/xfrm
History
Herbert Xu 1137b5e252 ipsec: Fix aborted xfrm policy dump crash 
An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.

The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash.  This can be
triggered if a dump fails because the target socket's receive
buffer is full.

This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.

Fixes: 12a169e7d8 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2017-10-23 09:35:48 +02:00
..
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2017-02-16 21:25:49 -05:00
Makefile xfrm: fix xfrm_dev_event() missing when compile without CONFIG_XFRM_OFFLOAD 2017-06-07 08:16:27 +02:00
xfrm_algo.c xfrm: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
xfrm_device.c xfrm: Fix negative device refcount on offload failure. 2017-09-11 10:36:51 +02:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h xfrm: use "unsigned int" in __xfrm6_pref_hash() 2017-03-24 07:03:12 +01:00
xfrm_input.c vti: fix NULL dereference in xfrm_input() 2017-09-13 10:15:24 +02:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-04 13:48:30 -05:00
xfrm_output.c net: xfrm: support setting an output mark. 2017-08-11 07:03:00 +02:00
xfrm_policy.c ipsec: Fix dst leak in xfrm_bundle_create(). 2017-10-11 10:15:58 +02:00
xfrm_proc.c proc: Reduce cache miss in xfrm_statistics_seq_show 2016-09-30 01:50:45 -04:00
xfrm_replay.c xfrm: Add xfrm_replay_overflow functions for offloading 2017-04-14 10:07:01 +02:00
xfrm_state.c xfrm: don't call xfrm_policy_cache_flush under xfrm_state_lock 2017-09-28 09:39:05 +02:00
xfrm_sysctl.c net: xfrm: Change u32 sysctl entries to use proc_douintvec 2016-09-07 23:17:53 -07:00
xfrm_user.c ipsec: Fix aborted xfrm policy dump crash 2017-10-23 09:35:48 +02:00