diff options
| author | Kevin Easton <kevin@guarana.org> | 2018-04-07 11:40:33 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-06-16 09:54:25 +0200 |
| commit | 702b477de1db146435a9f56deabeabb515972c04 (patch) | |
| tree | 5cc24feab1fe07904ff96712626ec30c9328c8d8 /mm/hugetlb_cgroup.c | |
| parent | 85191ed0a2280a6fb9cd622ac7c99c23914dd422 (diff) | |
af_key: Always verify length of provided sadb_key
commit 4b66af2d6356a00e94bcdea3e7fea324e8b5c6f4 upstream.
Key extensions (struct sadb_key) include a user-specified number of key
bits. The kernel uses that number to determine how much key data to copy
out of the message in pfkey_msg2xfrm_state().
The length of the sadb_key message must be verified to be long enough,
even in the case of SADB_X_AALG_NULL. Furthermore, the sadb_key_len value
must be long enough to include both the key data and the struct sadb_key
itself.
Introduce a helper function verify_key_len(), and call it from
parse_exthdrs() where other exthdr types are similarly checked for
correctness.
Signed-off-by: Kevin Easton <kevin@guarana.org>
Reported-by: syzbot+5022a34ca5a3d49b84223653fab632dfb7b4cf37@syzkaller.appspotmail.com
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'mm/hugetlb_cgroup.c')
0 files changed, 0 insertions, 0 deletions