android_kernel_oneplus_msm8998/net/xfrm
Herbert Xu 8bfafc972a xfrm: Copy policy family in clone_policy
[ Upstream commit 0e74aa1d79a5bbc663e03a2804399cae418a0321 ]

The syzbot found an ancient bug in the IPsec code.  When we cloned
a socket policy (for example, for a child TCP socket derived from a
listening socket), we did not copy the family field.  This results
in a live policy with a zero family field.  This triggers a BUG_ON
check in the af_key code when the cloned policy is retrieved.

This patch fixes it by copying the family field over.

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-16 10:33:55 +01:00
..
Kconfig net/xfrm: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:03 -08:00
Makefile xfrm: make xfrm_algo.c a module 2012-05-15 13:13:34 -04:00
xfrm_algo.c ipsec: Replace seqniv with seqiv 2015-08-17 16:53:42 +08:00
xfrm_hash.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
xfrm_hash.h xfrm: hash prefixed policies based on preflen thresholds 2014-09-02 13:29:44 +02:00
xfrm_input.c xfrm: Fix crash observed during device unregistration and decryption 2016-04-20 15:42:05 +09:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-11-04 13:48:30 -05:00
xfrm_output.c net: preserve IP control block during GSO segmentation 2016-01-31 11:29:00 -08:00
xfrm_policy.c xfrm: Copy policy family in clone_policy 2017-12-16 10:33:55 +01:00
xfrm_proc.c net: clean up snmp stats code 2014-05-07 16:06:05 -04:00
xfrm_replay.c xfrm: Always zero high-order sequence number bits 2015-05-21 06:56:23 +02:00
xfrm_state.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-01 22:51:30 -07:00
xfrm_sysctl.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
xfrm_user.c ipsec: Fix aborted xfrm policy dump crash 2017-12-05 11:22:49 +01:00