Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-12-29 17:25:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-6.1.y
linux-stable/net/xfrm
History
Sabrina Dubroca bce1afaa21 xfrm: validate new SA's prefixlen using SA family when sel.family is unset 
[ Upstream commit 3f0ab59e65 ]

This expands the validation introduced in commit 07bf790895 ("xfrm:
Validate address prefix lengths in the xfrm selector.")

syzbot created an SA with
    usersa.sel.family = AF_UNSPEC
    usersa.sel.prefixlen_s = 128
    usersa.family = AF_INET

Because of the AF_UNSPEC selector, verify_newsa_info doesn't put
limits on prefixlen_{s,d}. But then copy_from_user_state sets
x->sel.family to usersa.family (AF_INET). Do the same conversion in
verify_newsa_info before validating prefixlen_{s,d}, since that's how
prefixlen is going to be used later on.

Reported-by: syzbot+cc39f136925517aed571@syzkaller.appspotmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-01 01:56:07 +01:00
..
espintcp.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c 2023-06-28 11:12:28 +02:00
xfrm_algo.c xfrm: Add support for SM4 symmetric cipher algorithm 2021-12-23 09:32:51 +01:00
xfrm_compat.c net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure 2023-08-23 17:52:32 +02:00
xfrm_device.c xfrm: extract dst lookup parameters into a struct 2024-11-01 01:56:03 +01:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: Preserve vlan tags for transport mode software GRO 2024-05-17 11:56:10 +02:00
xfrm_interface_core.c xfrm: interface: use DEV_STATS_INC() 2023-10-25 12:03:06 +02:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm_output.c xfrm: Remove inner/outer modes from output path 2024-02-23 09:12:41 +01:00
xfrm_policy.c xfrm: respect ip protocols rules criteria when performing dst lookups 2024-11-01 01:56:03 +01:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state.c xfrm: Allow transport-mode states with AF_UNSPEC selector 2023-03-22 13:33:38 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: validate new SA's prefixlen using SA family when sel.family is unset 2024-11-01 01:56:07 +01:00