path: root/lib/asn1_decoder.c
author Herbert Xu <herbert@gondor.apana.org.au> 2017-10-19 20:51:10 +0800
committer Moyster <oysterized@gmail.com> 2018-04-13 14:52:21 +0200
commit 04f797717f72d8581af65409bc3ebbaea38fa729
tree 3f275ab4afa88a0a4f5646b2defb764331113fab /lib/asn1_decoder.c
parent 39977a83d4d8cd5e8b22ca9111a4b05851c4c418
ipsec: Fix aborted xfrm policy dump crash
An independent security researcher, Mohamed Ghannam, has reported this vulnerability to Beyond Security's SecuriTeam Secure Disclosure program.

The xfrm_dump_policy_done function expects xfrm_dump_policy to have been called at least once or it will crash. This can be triggered if a dump fails because the target socket's receive buffer is full.

This patch fixes it by using the cb->start mechanism to ensure that the initialisation is always done regardless of the buffer situation.

Change-Id: Id41cdd41c4e43e0c3ac30c5d03c15b8046d70845
Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'lib/asn1_decoder.c')
0 files changed, 0 insertions, 0 deletions