xfrm: Validate address prefix lengths in the xfrm selector. - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Steffen Klassert <steffen.klassert@secunet.com>	2018-08-01 13:45:11 +0200
committer	Moyster <oysterized@gmail.com>	2019-05-03 19:24:03 +0200
commit	a8614988634e797604befa9c05fef0aa863cabc1 (patch)
tree	4d82243f24a40cb53b9e3bb97a5510dab7d3a835 /net/wireless
parent	770d5ebf73562194e1ab962768756a080722acb2 (diff)

xfrm: Validate address prefix lengths in the xfrm selector.

commit 07bf7908950a8b14e81aa1807e3c667eab39287a upstream. We don't validate the address prefix lengths in the xfrm selector we got from userspace. This can lead to undefined behaviour in the address matching functions if the prefix is too big for the given address family. Fix this by checking the prefixes and refuse SA/policy insertation when a prefix is invalid. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Change-Id: Ib965f595afaa6fba0c1d11241d7a6fbbb0e9a19c Reported-by: Air Icy <icytxw@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'net/wireless')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: