evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/xfrm
History
Herbert Xu 8bfafc972a xfrm: Copy policy family in clone_policy 
[ Upstream commit 0e74aa1d79a5bbc663e03a2804399cae418a0321 ]

The syzbot found an ancient bug in the IPsec code.  When we cloned
a socket policy (for example, for a child TCP socket derived from a
listening socket), we did not copy the family field.  This results
in a live policy with a zero family field.  This triggers a BUG_ON
check in the af_key code when the cloned policy is retrieved.

This patch fixes it by copying the family field over.

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-16 10:33:55 +01:00
..
Kconfig
Makefile
xfrm_algo.c ipsec: Replace seqniv with seqiv 2015-08-17 16:53:42 +08:00
xfrm_hash.c
xfrm_hash.h
xfrm_input.c xfrm: Fix crash observed during device unregistration and decryption 2016-04-20 15:42:05 +09:00
xfrm_ipcomp.c
xfrm_output.c net: preserve IP control block during GSO segmentation 2016-01-31 11:29:00 -08:00
xfrm_policy.c xfrm: Copy policy family in clone_policy 2017-12-16 10:33:55 +01:00
xfrm_proc.c
xfrm_replay.c xfrm: Always zero high-order sequence number bits 2015-05-21 06:56:23 +02:00
xfrm_state.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-01 22:51:30 -07:00
xfrm_sysctl.c
xfrm_user.c ipsec: Fix aborted xfrm policy dump crash 2017-12-05 11:22:49 +01:00