| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <6d87af76cc3c311647c961e2f94e026bb15869d8.1582556221.git.lucien.xin@gmail.com>
Date: Mon, 24 Feb 2020 09:57:01 -0500
From: Xin Long <lucien.xin@...il.com>
To: network dev <netdev@...r.kernel.org>
Cc: stephen@...workplumber.org, steffen.klassert@...unet.com,
sd@...asysnail.net
Subject: [PATCH iproute2] xfrm: not try to delete ipcomp states when using deleteall
In kernel space, ipcomp(sub) states used by main states are not
allowed to be deleted by users, they would be freed only when
all main states are destroyed and no one uses them.
In user space, ip xfrm sta deleteall doesn't filter these ipcomp
states out, and it causes errors:
# ip xfrm state add src 192.168.0.1 dst 192.168.0.2 spi 0x1000 \
proto comp comp deflate mode tunnel sel src 192.168.0.1 dst \
192.168.0.2 proto gre
# ip xfrm sta deleteall
Failed to send delete-all request
: Operation not permitted
This patch is to fix it by filtering ipcomp states with a check
xsinfo->id.proto == IPPROTO_IPIP.
Fixes: c7699875bee0 ("Import patch ipxfrm-20040707_2.diff")
Signed-off-by: Xin Long <lucien.xin@...il.com>
---
ip/xfrm_state.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index f2727070..428a5837 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -1131,6 +1131,9 @@ static int xfrm_state_keep(struct nlmsghdr *n, void *arg)
if (!xfrm_state_filter_match(xsinfo))
return 0;
+ if (xsinfo->id.proto == IPPROTO_IPIP)
+ return 0;
+
if (xb->offset > xb->size) {
fprintf(stderr, "State buffer overflow\n");
return -1;
--
2.18.1
Powered by blists - more mailing lists