redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/xfrm
History
Steffen Klassert 9a54c51001 xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. 
[ Upstream commit 732706afe1 ]

On policies with a transport mode template, we pass the addresses
from the flowi to xfrm_state_find(), assuming that the IP addresses
(and address family) don't change during transformation.

Unfortunately our policy template validation is not strict enough.
It is possible to configure policies with transport mode template
where the address family of the template does not match the selectors
address family. This lead to stack-out-of-bound reads because
we compare arddesses of the wrong family. Fix this by refusing
such a configuration, address family can not change on transport
mode.

We use the assumption that, on transport mode, the first templates
address family must match the address family of the policy selector.
Subsequent transport mode templates must mach the address family of
the previous template.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-02-25 11:05:49 +01:00
..
Kconfig net/xfrm: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:03 -08:00
Makefile xfrm: make xfrm_algo.c a module 2012-05-15 13:13:34 -04:00
xfrm_algo.c xfrm: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h xfrm: hash prefixed policies based on preflen thresholds 2014-09-02 13:29:44 +02:00
xfrm_input.c net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key 2016-08-11 13:15:57 +02:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-04 13:48:30 -05:00
xfrm_output.c xfrm: Reset encapsulation field of the skb before transformation 2016-03-17 10:28:44 +01:00
xfrm_policy.c xfrm: Fix stack-out-of-bounds read on socket policy lookup. 2018-02-25 11:05:40 +01:00
xfrm_proc.c proc: Reduce cache miss in xfrm_statistics_seq_show 2016-09-30 01:50:45 -04:00
xfrm_replay.c xfrm: constify xfrm_replay structures 2016-08-10 11:18:49 +02:00
xfrm_state.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2016-09-24 08:18:19 -04:00
xfrm_sysctl.c net: xfrm: Change u32 sysctl entries to use proc_douintvec 2016-09-07 23:17:53 -07:00
xfrm_user.c xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. 2018-02-25 11:05:49 +01:00