| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200711190853.lAJ8ro9f006107@faith.austin.ibm.com>
Date: Mon, 19 Nov 2007 02:53:50 -0600
From: Joy Latten <latten@...tin.ibm.com>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, herbert@...dor.apana.org.au
Subject: [PATCH 1/1]: SAs created although tmpl->optional set
Although tmpl->optional is set, kernel still attempts
to create a set of SAs.
In xfrm_tmpl_resolve_one(), xfrm_state_find() is called
to find an SA. First time, there won't be an SA, so an
ACQUIRE will be sent and code then returns to
xfrm_tmpl_resolv_one() who then checks tmpl->optional.
Since tmpl->optional is set, the xfrm code will then
allow flow to pass not transformed.
I may have misinterpreted semantics of tmpl->optional,
(I thought it meant use an SA only if there is one, otherwise
do not transform) but do we want to create an SA as well as
send flow without xfrm'ing?
regards,
Joy
Signed-off-by: Joy Latten <latten@...tin.ibm.com>
diff -urpN linux-2.6.orig/net/xfrm/xfrm_state.c linux-2.6.spd/net/xfrm/xfrm_state.c
--- linux-2.6.orig/net/xfrm/xfrm_state.c 2007-11-18 16:53:16.000000000 -0600
+++ linux-2.6.spd/net/xfrm/xfrm_state.c 2007-11-18 23:38:08.000000000 -0600
@@ -814,6 +814,12 @@ xfrm_state_find(xfrm_address_t *daddr, x
error = -EEXIST;
goto out;
}
+
+ if (tmpl->optional) {
+ error = 0;
+ goto out;
+ }
+
x = xfrm_state_alloc();
if (x == NULL) {
error = -ENOMEM;
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists