| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a405d5032309cc92f1e6b63a167f26e4de15f7a9.1767964254.git.antony@moon.secunet.de>
Date: Fri, 9 Jan 2026 14:38:51 +0100
From: Antony Antony <antony.antony@...unet.com>
To: Steffen Klassert <steffen.klassert@...unet.com>, Herbert Xu
<herbert@...dor.apana.org.au>, <netdev@...r.kernel.org>
CC: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
<pabeni@...hat.com>, <devel@...ux-ipsec.org>
Subject: [PATCH ipsec-next 6/6] xfrm: check that SA is in VALID state before
use
During migration, an SA may be deleted or become invalid while skb(s)
still hold a reference to it. Using such an SA in the output path may
result in IV reuse with AES-GCM.
Reject use of states that are not in XFRM_STATE_VALID.
This applies to both output and input data paths.
The check is performed in xfrm_state_check_expire(), which is called
from xfrm_output_one().
Signed-off-by: Antony Antony <antony.antony@...unet.com>
---
net/xfrm/xfrm_state.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 04c893e42bc1..ca628262087f 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2278,6 +2278,9 @@ EXPORT_SYMBOL(xfrm_state_update);
int xfrm_state_check_expire(struct xfrm_state *x)
{
+ if (x->km.state != XFRM_STATE_VALID)
+ return -EINVAL;
+
/* All counters which are needed to decide if state is expired
* are handled by SW for non-packet offload modes. Simply skip
* the following update and save extra boilerplate in drivers.
--
2.39.5
Powered by blists - more mailing lists