linux/net
Dmitry Safonov dbd7ae5154 xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
xfrm_xlate32() translates 64-bit message provided by kernel to be sent
for 32-bit listener (acknowledge or monitor). Translator code doesn't
expect XFRMA_UNSPEC attribute as it doesn't know its payload.
Kernel never attaches such attribute, but a user can.

I've searched if any open source does it and the answer is no.
Nothing on GitHub, and Google finds only tfcproject that has such code
commented out.

What will happen if a user sends a netlink message with XFRMA_UNSPEC
attribute? IPsec code ignores this attribute. But if there is a
monitor-process or 32-bit user requested ack - kernel will try to
translate such message and will hit WARN_ONCE() in xfrm_xlate64_attr().

Deal with XFRMA_UNSPEC by copying the attribute payload with
xfrm_nla_cpy(). As a result, the default switch-case in xfrm_xlate64_attr()
becomes unused code. Leave those 3 lines in case a new xfrm attribute
is added.

Fixes: 5461fc0c8d ("xfrm/compat: Add 64=>32-bit messages translator")
Reported-by: syzbot+a7e701c8385bd8543074@syzkaller.appspotmail.com
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2020-11-09 07:34:56 +01:00
6lowpan
9p net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid 2020-10-12 10:05:47 +02:00
802
8021q net: vlan: Fixed signedness in vlan_group_prealloc_vid() 2020-09-28 00:51:39 -07:00
appletalk
atm net: atm: fix update of position index in lec_seq_next 2020-10-31 12:26:30 -07:00
ax25
batman-adv genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
bluetooth Bluetooth: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
bpf bpf: fix raw_tp test run in preempt kernel 2020-09-30 08:34:08 -07:00
bpfilter Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH" 2020-10-15 12:33:24 -07:00
bridge netfilter: ebtables: Fixes dropping of small packets in bridge nat 2020-10-20 13:54:53 +02:00
caif
can can: isotp: padlen(): make const array static, makes object smaller 2020-11-03 22:30:32 +01:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-10-12 15:29:27 +02:00
core Networking fixes for 5.10-rc2. 2020-10-29 12:55:02 -07:00
dcb
dccp inet: remove icsk_ack.blocked 2020-09-30 14:21:30 -07:00
decnet
dns_resolver
dsa net: dsa: tag_ksz: KSZ8795 and KSZ9477 also use tail tags 2020-10-19 17:32:50 -07:00
ethernet
ethtool ethtool: correct policy for ETHTOOL_MSG_CHANNELS_SET 2020-10-08 16:06:01 -07:00
hsr genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
ieee802154 genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
ife
ipv4 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2020-11-04 08:12:52 -08:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2020-11-04 08:12:52 -08:00
iucv net/iucv: fix indentation in __iucv_message_receive() 2020-10-03 16:51:07 -07:00
kcm
key
l2tp genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
l3mdev
lapb
llc
mac80211 mac80211: don't require VHT elements for HE on 2.4 GHz 2020-10-30 10:22:42 +01:00
mac802154
mpls mpls: load mpls_gso after mpls_iptunnel 2020-10-20 21:16:45 -07:00
mptcp mptcp: token: fix unititialized variable 2020-11-03 13:08:30 -08:00
ncsi genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
netfilter netfilter: ipset: Update byte and packet counters regardless of whether they match 2020-10-31 11:11:11 +01:00
netlabel genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
netlink netlink: export policy in extended ACK 2020-10-09 20:22:32 -07:00
netrom
nfc nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() 2020-10-20 17:06:22 -07:00
nsh
openvswitch net: openvswitch: silence suspicious RCU usage warning 2020-11-03 16:57:42 -08:00
packet net/packet: Fix a comment about network_header 2020-09-19 16:40:48 -07:00
phonet
psample genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
qrtr net: qrtr: ns: Fix the incorrect usage of rcu_read_lock() 2020-10-06 06:01:35 -07:00
rds RDMA: Add rdma_connect_locked() 2020-10-28 09:14:49 -03:00
rfkill
rose
rxrpc rxrpc: Fix loss of final ack on shutdown 2020-10-15 13:28:00 +01:00
sched netem: fix zero division in tabledist 2020-10-29 11:45:47 -07:00
sctp sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms 2020-11-02 15:03:25 -08:00
smc flexible-array member conversion patches for 5.10-rc2 2020-10-31 14:31:28 -07:00
strparser
sunrpc The one new feature this time, from Anna Schumaker, is READ_PLUS, which 2020-10-22 09:44:27 -07:00
switchdev net: switchdev: Fixed kerneldoc warning 2020-09-23 17:46:31 -07:00
tipc Networking fixes for 5.10-rc2. 2020-10-29 12:55:02 -07:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-15 12:43:21 -07:00
unix networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
vmw_vsock vsock: use ns_capable_noaudit() on socket create 2020-10-26 16:22:42 -07:00
wimax genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
wireless cfg80211: regulatory: Fix inconsistent format argument 2020-10-30 10:06:56 +01:00
x25
xdp xsk: Fix possible memory leak at socket close 2020-10-29 15:19:56 +01:00
xfrm xfrm/compat: Translate by copying XFRMA_UNSPEC attribute 2020-11-09 07:34:56 +01:00
compat.c iov_iter: transparently handle compat iovecs in import_iovec 2020-10-03 00:02:13 -04:00
devres.c
Kconfig drop_monitor: Convert to using devlink tracepoint 2020-09-30 18:01:26 -07:00
Makefile
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-10-05 18:40:01 -07:00
sysctl_net.c