Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-12 00:38:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-next/net/xfrm
History
Leon Romanovsky 7c76ecd9c9 xfrm: enforce validity of offload input flags 
struct xfrm_user_offload has flags variable that received user input,
but kernel didn't check if valid bits were provided. It caused a situation
where not sanitized input was forwarded directly to the drivers.

For example, XFRM_OFFLOAD_IPV6 define that was exposed, was used by
strongswan, but not implemented in the kernel at all.

As a solution, check and sanitize input flags to forward
XFRM_OFFLOAD_INBOUND to the drivers.

Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2022-02-09 09:00:40 +01:00
..
espintcp.c
espintcp: restore IP CB before handing the packet to xfrm
2020-08-17 15:58:04 +02:00
Kconfig
xfrm/compat: Add 32=>64-bit messages translator
2020-09-24 08:53:03 +02:00
Makefile
xfrm: Provide API to register translator module
2020-09-24 08:53:03 +02:00
xfrm_algo.c
xfrm: Add support for SM4 symmetric cipher algorithm
2021-12-23 09:32:51 +01:00
xfrm_compat.c
xfrm: rate limit SA mapping change message to user space
2021-12-23 09:32:51 +01:00
xfrm_device.c
xfrm: enforce validity of offload input flags
2022-02-09 09:00:40 +01:00
xfrm_hash.c
mm: remove include/linux/bootmem.h
2018-10-31 08:54:16 -07:00
xfrm_hash.h
xfrm: add state hashtable keyed by seq
2021-05-14 13:52:01 +02:00
xfrm_inout.h
xfrm: move xfrm4_extract_header to common helper
2020-05-06 09:40:08 +02:00
xfrm_input.c
xfrm: update SA curlft.use_time
2021-12-23 09:32:50 +01:00
xfrm_interface.c
xfrm: fix the if_id check in changelink
2022-02-03 08:02:05 +01:00
xfrm_ipcomp.c
net: xfrm: Fix end of loop tests for list_for_each_entry
2021-07-26 12:26:28 +02:00
xfrm_output.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-01-09 17:00:17 -08:00
xfrm_policy.c
xfrm: Check if_id in xfrm_migrate
2022-01-26 07:44:01 +01:00
xfrm_proc.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
xfrm_replay.c
xfrm: replay: remove last replay indirection
2021-06-21 09:55:06 +02:00
xfrm_state.c
Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6"
2022-01-27 07:34:06 +01:00
xfrm_sysctl.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm_user.c
xfrm: Check if_id in xfrm_migrate
2022-01-26 07:44:01 +01:00