diff options
| author | Irvine | 2017-12-26 08:38:50 +0000 |
|---|---|---|
| committer | Irvine | 2017-12-26 08:38:50 +0000 |
| commit | eab8782a81b9b041bd97a0562ad76af20ba53997 (patch) | |
| tree | 0b37f846ad3155dbe592574ae8681c70b70a0bb8 /Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find.patch | |
| parent | bc5422ab98ca44bb89a707d89c467211c623bd15 (diff) | |
| download | aur-eab8782a81b9b041bd97a0562ad76af20ba53997.tar.gz | |
Sync with linux-hardened-4.14.9.-1
Diffstat (limited to 'Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find.patch')
| -rw-r--r-- | Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find.patch b/Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find.patch new file mode 100644 index 000000000000..f0147a5c003a --- /dev/null +++ b/Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find.patch @@ -0,0 +1,71 @@ +From 94802151894d482e82c324edf2c658f8e6b96508 Mon Sep 17 00:00:00 2001 +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Wed, 15 Nov 2017 06:40:57 +0100 +Subject: [PATCH] Revert "xfrm: Fix stack-out-of-bounds read in + xfrm_state_find." + +This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. + +This commit breaks transport mode when the policy template +has widlcard addresses configured, so revert it. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 2a6093840e7e..6bc16bb61b55 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, + struct net *net = xp_net(policy); + int nx; + int i, error; ++ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); ++ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); + xfrm_address_t tmp; + + for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { + struct xfrm_state *x; +- xfrm_address_t *local; +- xfrm_address_t *remote; ++ xfrm_address_t *remote = daddr; ++ xfrm_address_t *local = saddr; + struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; + +- remote = &tmpl->id.daddr; +- local = &tmpl->saddr; +- if (xfrm_addr_any(local, tmpl->encap_family)) { +- error = xfrm_get_saddr(net, fl->flowi_oif, +- &tmp, remote, +- tmpl->encap_family, 0); +- if (error) +- goto fail; +- local = &tmp; ++ if (tmpl->mode == XFRM_MODE_TUNNEL || ++ tmpl->mode == XFRM_MODE_BEET) { ++ remote = &tmpl->id.daddr; ++ local = &tmpl->saddr; ++ if (xfrm_addr_any(local, tmpl->encap_family)) { ++ error = xfrm_get_saddr(net, fl->flowi_oif, ++ &tmp, remote, ++ tmpl->encap_family, 0); ++ if (error) ++ goto fail; ++ local = &tmp; ++ } + } + + x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); + + if (x && x->km.state == XFRM_STATE_VALID) { + xfrm[nx++] = x; ++ daddr = remote; ++ saddr = local; + continue; + } + if (x) { +-- +2.15.1 + |