linux-stable/net/xfrm
Hangyu Hua 2c9d93e35c xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
[ Upstream commit f85daf0e72 ]

xfrm_policy_lookup() will call xfrm_pol_hold_rcu() to get a refcount of
pols[0]. This refcount can be dropped in xfrm_expand_policies() when
xfrm_expand_policies() returns an error. pols[0]'s refcount is balanced
here. But xfrm_bundle_lookup() will also call xfrm_pols_put() with
num_pols == 1 to drop this refcount when xfrm_expand_policies() returns
an error.

This patch also fixes an illegal address access. pols[0] will save an error
point when xfrm_policy_lookup fails. This leads xfrm_pols_put to resolve
an illegal address in xfrm_bundle_lookup's error path.

Fix these by setting num_pols = 0 in xfrm_expand_policies()'s error path.

Fixes: 80c802f307 ("xfrm: cache bundles instead of policies for outgoing flows")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-29 17:06:49 +02:00
..
Kconfig ipsec: select crypto ciphers for xfrm_algo 2019-07-31 07:28:27 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_algo.c
xfrm_device.c xfrm: enforce validity of offload input flags 2022-03-08 19:01:56 +01:00
xfrm_hash.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_hash.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_input.c xfrm: Fix oops in xfrm_replay_advance_bmp 2021-02-03 23:22:22 +01:00
xfrm_ipcomp.c net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() 2018-04-08 14:26:29 +02:00
xfrm_output.c xfrm: fix a NULL-ptr deref in xfrm_local_error 2020-06-03 08:18:06 +02:00
xfrm_policy.c xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() 2022-07-29 17:06:49 +02:00
xfrm_proc.c
xfrm_replay.c xfrm: Fix ESN sequence number handling for IPsec GSO packets. 2018-05-30 07:52:08 +02:00
xfrm_state.c xfrm: Fix xfrm migrate issues when address family changes 2022-03-23 09:01:34 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: policy: match with both mark and mask on user interfaces 2022-04-20 09:08:31 +02:00