lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250707160503.2834390-1-haoxiang_li2024@163.com>
Date: Tue,  8 Jul 2025 00:05:03 +0800
From: Haoxiang Li <haoxiang_li2024@....com>
To: steffen.klassert@...unet.com,
	herbert@...dor.apana.org.au,
	davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	horms@...nel.org
Cc: netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Haoxiang Li <haoxiang_li2024@....com>
Subject: [PATCH v2] af_key: Add check for the return value of pfkey_sadb2xfrm_user_sec_ctx()

Add check for the return value of pfkey_sadb2xfrm_user_sec_ctx()
in pfkey_compile_policy(), and set proper error flag.

Signed-off-by: Haoxiang Li <haoxiang_li2024@....com>
---
Changes in v2:
- Set error flag '*dir' properly.
- Hi, Steffen! I know that inside pfkey_sadb2xfrm_user_sec_ctx(), null
value check has been done. This patch does the null value check after
pfkey_sadb2xfrm_user_sec_ctx() being called in pfkey_compile_policy().
Also, set proper error flag if pfkey_sadb2xfrm_user_sec_ctx() returns
null. This patch code is similar to [1]. Thanks, Steffen!

[1]https://github.com/torvalds/linux/blob/master/net/key/af_key.c#L2404
---
 net/key/af_key.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/key/af_key.c b/net/key/af_key.c
index efc2a91f4c48..9cd14a31a427 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3335,6 +3335,11 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
 		if ((*dir = verify_sec_ctx_len(p)))
 			goto out;
 		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
+		if (!uctx) {
+			*dir = -ENOMEM;
+			goto out;
+		}
+
 		*dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
 		kfree(uctx);
 
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ