android_kernel_oneplus_msm8998/net/xfrm
Herbert Xu b377c453b3 ipsec: Fix aborted xfrm policy dump crash
commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2 upstream.

An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.

The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash.  This can be
triggered if a dump fails because the target socket's receive
buffer is full.

This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.

Fixes: 12a169e7d8 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-05 11:22:49 +01:00
..
Kconfig net/xfrm: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:03 -08:00
Makefile xfrm: make xfrm_algo.c a module 2012-05-15 13:13:34 -04:00
xfrm_algo.c ipsec: Replace seqniv with seqiv 2015-08-17 16:53:42 +08:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h xfrm: hash prefixed policies based on preflen thresholds 2014-09-02 13:29:44 +02:00
xfrm_input.c xfrm: Fix crash observed during device unregistration and decryption 2016-04-20 15:42:05 +09:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-04 13:48:30 -05:00
xfrm_output.c net: preserve IP control block during GSO segmentation 2016-01-31 11:29:00 -08:00
xfrm_policy.c xfrm: policy: check policy direction value 2017-09-07 08:34:09 +02:00
xfrm_proc.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
xfrm_replay.c xfrm: Always zero high-order sequence number bits 2015-05-21 06:56:23 +02:00
xfrm_state.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-01 22:51:30 -07:00
xfrm_sysctl.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
xfrm_user.c ipsec: Fix aborted xfrm policy dump crash 2017-12-05 11:22:49 +01:00