Home Verkennen Help
Inloggen
GfA
/
linux_kernel
5
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

xfrm: Always zero high-order sequence number bits

As we're now always including the high bits of the sequence number
in the IV generation process we need to ensure that they don't
contain crap.

This patch ensures that the high sequence bits are always zeroed
so that we don't leak random data into the IV.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Herbert Xu 10 jaren geleden
bovenliggende
6d7258ca93
commit
407d34ef29
1 gewijzigde bestanden met toevoegingen van 2 en 0 verwijderingen
Gecombineerde weergave Toon Diff Stats
  1. 2 0
      net/xfrm/xfrm_replay.c

+ 2 - 0
net/xfrm/xfrm_replay.c
Bestand weergeven 

@@ -99,6 +99,7 @@ static int xfrm_replay_overflow(struct xfrm_state *x, struct sk_buff *skb)
 
 
 
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 
 		XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
 
 		XFRM_SKB_CB(skb)->seq.output.low = ++x->replay.oseq;
 
+		XFRM_SKB_CB(skb)->seq.output.hi = 0;
 
 		if (unlikely(x->replay.oseq == 0)) {
 
 		if (unlikely(x->replay.oseq == 0)) {
 
 			x->replay.oseq--;
 
 			x->replay.oseq--;
 
 			xfrm_audit_state_replay_overflow(x, skb);
 
 			xfrm_audit_state_replay_overflow(x, skb);
 
@@ -177,6 +178,7 @@ static int xfrm_replay_overflow_bmp(struct xfrm_state *x, struct sk_buff *skb)
 
 
 
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 
 	if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
 
 		XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
 
 		XFRM_SKB_CB(skb)->seq.output.low = ++replay_esn->oseq;
 
+		XFRM_SKB_CB(skb)->seq.output.hi = 0;
 
 		if (unlikely(replay_esn->oseq == 0)) {
 
 		if (unlikely(replay_esn->oseq == 0)) {
 
 			replay_esn->oseq--;
 
 			replay_esn->oseq--;
 
 			xfrm_audit_state_replay_overflow(x, skb);
 
 			xfrm_audit_state_replay_overflow(x, skb);