linux/net
Florian Westphal d97ca5d714 xfrm_user: uncoditionally validate esn replay attribute struct
The sanity test added in ecd7918745 can be bypassed, validation
only occurs if XFRM_STATE_ESN flag is set, but rest of code doesn't care
and just checks if the attribute itself is present.

So always validate.  Alternative is to reject if we have the attribute
without the flag but that would change abi.

Reported-by: syzbot+0ab777c27d2bb7588f73@syzkaller.appspotmail.com
Cc: Mathias Krause <minipli@googlemail.com>
Fixes: ecd7918745 ("xfrm_user: ensure user supplied esn replay window is valid")
Fixes: d8647b79c3 ("xfrm: Add user interface for esn and big anti-replay windows")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2018-02-13 09:12:09 +01:00
..
6lowpan License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
9p Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-30 17:58:07 -08:00
802 treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
8021q net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
appletalk net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
ax25 net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
bpf
bridge net: bridge: Fix uninitialized error in br_fdb_sync_static() 2018-02-01 09:47:37 -05:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
can can: migrate documentation to restructured text 2018-01-26 10:46:44 +01:00
ceph We have a set of file locking improvements from Zheng, rbd rw/ro 2017-11-21 05:38:32 -10:00
core rtnetlink: remove check for IFLA_IF_NETNSID 2018-02-01 10:09:50 -05:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
dns_resolver KEYS: Fix race between updating and finding a negative key 2017-10-18 09:12:40 +01:00
dsa net: dsa: Support internal phy on 'cpu' port 2018-01-23 19:22:38 -05:00
ethernet
hsr net: hsr: Convert timers to use timer_setup() 2017-10-25 13:00:27 +09:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
ife MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
ipv4 net: igmp: add a missing rcu locking section 2018-02-01 14:58:04 -05:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2018-02-01 14:41:46 -05:00
ipx net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
iucv net: annotate ->poll() instances 2017-11-27 16:20:04 -05:00
kcm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-24 23:44:15 -05:00
key af_key: Fix memory leak in key_notify_policy. 2018-01-10 09:45:11 +01:00
l2tp l2tp: remove switch block in l2tp_nl_cmd_session_create() 2018-01-19 15:10:23 -05:00
l3mdev
lapb treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
llc net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
mac80211 debugfs_sta: Remove unneeded semicolons 2018-01-22 14:03:28 +01:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
mpls net: use rtnl_register_module where needed 2017-12-04 11:32:39 -05:00
ncsi net/ncsi: Don't take any action on HNCDSC AEN 2017-12-18 14:50:11 -05:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2018-02-01 14:41:46 -05:00
netlabel net/netlabel: Add list_next_rcu() in rcu_dereference(). 2017-11-18 10:32:41 +09:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-19 22:59:33 -05:00
netrom net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
nfc net: annotate ->poll() instances 2017-11-27 16:20:04 -05:00
nsh openvswitch: enable NSH support 2017-11-08 16:12:33 +09:00
openvswitch openvswitch: Remove padding from packet before L3+ conntrack processing 2018-02-01 09:46:22 -05:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
phonet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr net: use rtnl_register_module where needed 2017-12-04 11:32:39 -05:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
rfkill net: annotate ->poll() instances 2017-11-27 16:20:04 -05:00
rose net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
sched net: create skb_gso_validate_mac_len() 2018-02-01 09:36:03 -05:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
strparser strparser: Call sock_owned_by_user_nocheck 2017-12-28 14:28:22 -05:00
sunrpc NFS client updates for Linux 4.16 2018-01-30 19:03:48 -08:00
switchdev net: bridge: Add/del switchdev object on host join/leave 2017-11-10 13:41:40 +09:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
tls tls: Add support for encryption using async offload accelerator 2018-01-31 10:26:30 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
vmw_vsock Merge branch 'misc.poll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2018-01-30 17:58:07 -08:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless lift handling of SIOCIW... out of dev_ioctl() 2018-01-24 19:13:45 -05:00
x25 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
xfrm xfrm_user: uncoditionally validate esn replay attribute struct 2018-02-13 09:12:09 +01:00
compat.c
Kconfig netfilter: don't allocate space for arp/bridge hooks unless needed 2018-01-08 18:01:11 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-01-31 14:31:10 -08:00
sysctl_net.c