korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-17 01:04:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
d675c05b79
linux/net/xfrm
History
Leon Romanovsky 4020d2e14f xfrm: enforce validity of offload input flags 
commit 7c76ecd9c9 upstream.

struct xfrm_user_offload has flags variable that received user input,
but kernel didn't check if valid bits were provided. It caused a situation
where not sanitized input was forwarded directly to the drivers.

For example, XFRM_OFFLOAD_IPV6 define that was exposed, was used by
strongswan, but not implemented in the kernel at all.

As a solution, check and sanitize input flags to forward
XFRM_OFFLOAD_INBOUND to the drivers.

Fixes: d77e38e612 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-03-08 19:12:44 +01:00
..
espintcp.c espintcp: restore IP CB before handing the packet to xfrm 2020-08-17 15:58:04 +02:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: Provide API to register translator module 2020-09-24 08:53:03 +02:00
xfrm_algo.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
xfrm_compat.c xfrm: rate limit SA mapping change message to user space 2022-01-27 11:04:49 +01:00
xfrm_device.c xfrm: enforce validity of offload input flags 2022-03-08 19:12:44 +01:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: replay: avoid replay indirection 2021-06-21 09:55:06 +02:00
xfrm_interface.c xfrm: fix the if_id check in changelink 2022-03-08 19:12:44 +01:00
xfrm_ipcomp.c net: xfrm: Fix end of loop tests for list_for_each_entry 2021-07-26 12:26:28 +02:00
xfrm_output.c net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path 2022-01-27 11:03:49 +01:00
xfrm_policy.c xfrm: Don't accidentally set RTO_ONLINK in decode_session4() 2022-01-27 11:05:36 +01:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: remove last replay indirection 2021-06-21 09:55:06 +02:00
xfrm_state.c xfrm: rate limit SA mapping change message to user space 2022-01-27 11:04:49 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: rate limit SA mapping change message to user space 2022-01-27 11:04:49 +01:00