mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-30 16:07:39 +00:00
1137b5e252
An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.
The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash. This can be
triggered if a dump fails because the target socket's receive
buffer is full.
This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.
Fixes:
|
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
xfrm_algo.c | ||
xfrm_device.c | ||
xfrm_hash.c | ||
xfrm_hash.h | ||
xfrm_input.c | ||
xfrm_ipcomp.c | ||
xfrm_output.c | ||
xfrm_policy.c | ||
xfrm_proc.c | ||
xfrm_replay.c | ||
xfrm_state.c | ||
xfrm_sysctl.c | ||
xfrm_user.c |