| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Jul 2018 03:31:31 +0100
From: Dmitry Safonov <dima@...sta.com>
To: linux-kernel@...r.kernel.org
Cc: Dmitry Safonov <dima@...sta.com>,
"David S. Miller" <davem@...emloft.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
Steffen Klassert <steffen.klassert@...unet.com>,
Dmitry Safonov <0x7f454c46@...il.com>, netdev@...r.kernel.org
Subject: [PATCH 05/18] net/xfrm: Parse userspi_info{,_packed} depending on syscall
Struct xfrm_userspi_info differs in size between 64-bit/32-bit UAPI
because of (possible) padding of xfrm_usersa_info:
32-bit 64-bit
----------------------------------------------------------------------
sizeof(xfrm_userspi_info) = 228 | sizeof(xfrm_userspi_info) = 232
xfrm_userspi_info::info = 0 | xfrm_userspi_info::info = 0
xfrm_userspi_info::min = 220 | xfrm_userspi_info::min = 224
xfrm_userspi_info::max = 224 | xfrm_userspi_info::max = 228
xfrm_alloc_userspi() can handle both UAPI by checking the type of
send() syscall used by userspace with XFRM_MSG_ALLOCSPI.
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@...unet.com>
Cc: netdev@...r.kernel.org
Signed-off-by: Dmitry Safonov <dima@...sta.com>
---
net/xfrm/xfrm_user.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b382cdd3bef6..bf2ca93edaf5 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -61,6 +61,12 @@ struct xfrm_userpolicy_info_packed {
__u8 share;
} __packed;
+struct xfrm_userspi_info_packed {
+ struct xfrm_usersa_info_packed info;
+ __u32 min;
+ __u32 max;
+} __packed;
+
static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
{
struct nlattr *rt = attrs[type];
@@ -1279,11 +1285,21 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
xfrm_address_t *daddr;
int family;
int err;
- u32 mark;
+ u32 mark, spi_min, spi_max;
struct xfrm_mark m;
p = nlmsg_data(nlh);
- err = verify_spi_info(p->info.id.proto, p->min, p->max);
+ if (in_compat_syscall()) {
+ struct xfrm_userspi_info_packed *_p = nlmsg_data(nlh);
+
+ spi_min = _p->min;
+ spi_max = _p->max;
+ } else {
+ spi_min = p->min;
+ spi_max = p->max;
+ }
+
+ err = verify_spi_info(p->info.id.proto, spi_min, spi_max);
if (err)
goto out_noput;
@@ -1310,7 +1326,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
if (x == NULL)
goto out_noput;
- err = xfrm_alloc_spi(x, p->min, p->max);
+ err = xfrm_alloc_spi(x, spi_min, spi_max);
if (err)
goto out;
--
2.13.6
Powered by blists - more mailing lists