Kezdőlap Felfedezés Súgó
Bejelentkezés
GfA
/
linux_kernel
5
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Forráskód Böngészése

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
pull request (net): ipsec 2017-08-29

1) Fix dst_entry refcount imbalance when using socket policies.
   From Lorenzo Colitti.

2) Fix locking when adding the ESP trailers.

3) Fix tailroom calculation for the ESP trailer by using
   skb_tailroom instead of skb_availroom.

4) Fix some info leaks in xfrm_user.
   From Mathias Krause.

Please pull or let me know if there are problems.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 8 éve
szülő
c7848399ec 931e79d7a7
commit
04f1c4ad72
4 módosított fájl, 13 hozzáadás és 8 törlés
Osztott Nézet Diff Statisztika Mutatása
  1. 4 3
      net/ipv4/esp4.c
  2. 4 3
      net/ipv6/esp6.c
  3. 0 1
      net/xfrm/xfrm_policy.c
  4. 5 1
      net/xfrm/xfrm_user.c

+ 4 - 3
net/ipv4/esp4.c
Fájl Megtekintése 

@@ -258,7 +258,7 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
 
 		esp_output_udp_encap(x, skb, esp);
 
 
 	if (!skb_cloned(skb)) {
 
-		if (tailen <= skb_availroom(skb)) {
 
+		if (tailen <= skb_tailroom(skb)) {
 
 			nfrags = 1;
 
 			trailer = skb;
 
 			tail = skb_tail_pointer(trailer);
 
@@ -292,8 +292,6 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
 
 
 			kunmap_atomic(vaddr);
 
 
-			spin_unlock_bh(&x->lock);
 
-
 
 			nfrags = skb_shinfo(skb)->nr_frags;
 
 
 			__skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
 
@@ -301,6 +299,9 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
 
 			skb_shinfo(skb)->nr_frags = ++nfrags;
 
 
 			pfrag->offset = pfrag->offset + allocsize;
 
+
 
+			spin_unlock_bh(&x->lock);
 
+
 
 			nfrags++;
 
 
 			skb->len += tailen;

+ 4 - 3
net/ipv6/esp6.c
Fájl Megtekintése 

@@ -226,7 +226,7 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
 
 	int tailen = esp->tailen;
 
 
 	if (!skb_cloned(skb)) {
 
-		if (tailen <= skb_availroom(skb)) {
 
+		if (tailen <= skb_tailroom(skb)) {
 
 			nfrags = 1;
 
 			trailer = skb;
 
 			tail = skb_tail_pointer(trailer);
 
@@ -260,8 +260,6 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
 
 
 			kunmap_atomic(vaddr);
 
 
-			spin_unlock_bh(&x->lock);
 
-
 
 			nfrags = skb_shinfo(skb)->nr_frags;
 
 
 			__skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
 
@@ -269,6 +267,9 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
 
 			skb_shinfo(skb)->nr_frags = ++nfrags;
 
 
 			pfrag->offset = pfrag->offset + allocsize;
 
+
 
+			spin_unlock_bh(&x->lock);
 
+
 
 			nfrags++;
 
 
 			skb->len += tailen;

+ 0 - 1
net/xfrm/xfrm_policy.c
Fájl Megtekintése 

@@ -2226,7 +2226,6 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
 
 				goto no_transform;
 
 			}
 
 
-			dst_hold(&xdst->u.dst);
 
 			route = xdst->route;
 
 		}
 
 	}

+ 5 - 1
net/xfrm/xfrm_user.c
Fájl Megtekintése 

@@ -796,7 +796,7 @@ static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb
 
 		return -EMSGSIZE;
 
 
 	xuo = nla_data(attr);
 
-
 
+	memset(xuo, 0, sizeof(*xuo));
 
 	xuo->ifindex = xso->dev->ifindex;
 
 	xuo->flags = xso->flags;
 
 
@@ -1869,6 +1869,7 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct
 
 		return -EMSGSIZE;
 
 
 	id = nlmsg_data(nlh);
 
+	memset(&id->sa_id, 0, sizeof(id->sa_id));
 
 	memcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr));
 
 	id->sa_id.spi = x->id.spi;
 
 	id->sa_id.family = x->props.family;
 
@@ -2578,6 +2579,8 @@ static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct
 
 	ue = nlmsg_data(nlh);
 
 	copy_to_user_state(x, &ue->state);
 
 	ue->hard = (c->data.hard != 0) ? 1 : 0;
 
+	/* clear the padding bytes */
 
+	memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
 
 
 	err = xfrm_mark_put(skb, &x->mark);
 
 	if (err)
 
@@ -2715,6 +2718,7 @@ static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
 
 		struct nlattr *attr;
 
 
 		id = nlmsg_data(nlh);
 
+		memset(id, 0, sizeof(*id));
 
 		memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr));
 
 		id->spi = x->id.spi;
 
 		id->family = x->props.family;