Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-25 21:51:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
7c76ecd9c9
linux/net/xfrm
History
Leon Romanovsky 7c76ecd9c9 xfrm: enforce validity of offload input flags 
struct xfrm_user_offload has flags variable that received user input,
but kernel didn't check if valid bits were provided. It caused a situation
where not sanitized input was forwarded directly to the drivers.

For example, XFRM_OFFLOAD_IPV6 define that was exposed, was used by
strongswan, but not implemented in the kernel at all.

As a solution, check and sanitize input flags to forward
XFRM_OFFLOAD_INBOUND to the drivers.

Fixes: d77e38e612 ("xfrm: Add an IPsec hardware offloading API")
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2022-02-09 09:00:40 +01:00
..
espintcp.c espintcp: restore IP CB before handing the packet to xfrm 2020-08-17 15:58:04 +02:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: Provide API to register translator module 2020-09-24 08:53:03 +02:00
xfrm_algo.c xfrm: Add support for SM4 symmetric cipher algorithm 2021-12-23 09:32:51 +01:00
xfrm_compat.c xfrm: rate limit SA mapping change message to user space 2021-12-23 09:32:51 +01:00
xfrm_device.c xfrm: enforce validity of offload input flags 2022-02-09 09:00:40 +01:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: update SA curlft.use_time 2021-12-23 09:32:50 +01:00
xfrm_interface.c xfrm: fix the if_id check in changelink 2022-02-03 08:02:05 +01:00
xfrm_ipcomp.c net: xfrm: Fix end of loop tests for list_for_each_entry 2021-07-26 12:26:28 +02:00
xfrm_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-01-09 17:00:17 -08:00
xfrm_policy.c xfrm: Check if_id in xfrm_migrate 2022-01-26 07:44:01 +01:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: remove last replay indirection 2021-06-21 09:55:06 +02:00
xfrm_state.c Revert "xfrm: xfrm_state_mtu should return at least 1280 for ipv6" 2022-01-27 07:34:06 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: Check if_id in xfrm_migrate 2022-01-26 07:44:01 +01:00