| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Aug 2020 10:46:31 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: Antony Antony <antony.antony@...unet.com>
CC: <netdev@...r.kernel.org>, Herbert Xu <herbert@...dor.apana.org.au>,
"Antony Antony" <antony@...nome.org>
Subject: Re: [PATCH 3/3] xfrm: clone XFRMA_SEC_CTX during xfrm_do_migrate
On Thu, Aug 20, 2020 at 08:16:08PM +0200, Antony Antony wrote:
> XFRMA_SEC_CTX was not cloned from the old to the new.
> Migrate this attribute during XFRMA_MSG_MIGRATE
>
> Signed-off-by: Antony Antony <antony.antony@...unet.com>
> ---
> net/xfrm/xfrm_state.c | 28 ++++++++++++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index 20a12c67a931..dbcb71b800b8 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
> @@ -1441,6 +1441,30 @@ int xfrm_state_add(struct xfrm_state *x)
> EXPORT_SYMBOL(xfrm_state_add);
>
> #ifdef CONFIG_XFRM_MIGRATE
> +static inline bool clone_security(struct xfrm_state *x, struct xfrm_sec_ctx *security)
> +{
> + struct xfrm_user_sec_ctx *uctx;
> + int size = sizeof(*uctx) + security->ctx_len;
> + int err;
> +
> + uctx = kmalloc(size, GFP_KERNEL);
> + if (!uctx)
> + return true;
> +
> + uctx->exttype = XFRMA_SEC_CTX;
> + uctx->len = size;
> + uctx->ctx_doi = security->ctx_doi;
> + uctx->ctx_alg = security->ctx_alg;
> + uctx->ctx_len = security->ctx_len;
> + memcpy(uctx + 1, security->ctx_str, security->ctx_len);
> + err = security_xfrm_state_alloc(x, uctx);
> + kfree(uctx);
> + if (err)
> + return true;
Returning 'true' on memory allocation errors is a bit odd,
please return -ENOMEM instead.
Powered by blists - more mailing lists