diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2010-06-24 06:50:33 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-06-24 06:50:33 +0000 |
| commit | e7fb30d0a684f0cd30dbc49735e5f60329f2f880 (patch) | |
| tree | 0b6eef6e5f86b0e3acc4e0a7b414a66c0ad1b30b /main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch | |
| parent | 8dfe5aacac2e8563d44db5be2fb1eb8708ee2782 (diff) | |
| download | aports-e7fb30d0a684f0cd30dbc49735e5f60329f2f880.tar.bz2 aports-e7fb30d0a684f0cd30dbc49735e5f60329f2f880.tar.xz | |
main/linux-grsec: new xfrm patch
Diffstat (limited to 'main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch')
| -rw-r--r-- | main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch b/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch new file mode 100644 index 0000000000..1a962e1610 --- /dev/null +++ b/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch @@ -0,0 +1,44 @@ +From patchwork Thu Jun 24 05:45:19 2010 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Subject: xfrm: check bundle policy existance before dereferencing it +Date: Wed, 23 Jun 2010 19:45:19 -0000 +From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?= +X-Patchwork-Id: 56759 +Message-Id: <1277358319-9868-1-git-send-email-timo.teras@iki.fi> +To: netdev@vger.kernel.org, "Justin P. Mattock" <justinmattock@gmail.com>, + Eric Dumazet <eric.dumazet@gmail.com>, + "John W.Linville" <linville@tuxdriver.com>, + Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, + davem@davemloft.net +Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> + +Fix the bundle validation code to not assume having a valid policy. +When we have multiple transformations for a xfrm policy, the bundle +instance will be a chain of bundles with only the first one having +the policy reference. When policy_genid is bumped it will expire the +first bundle in the chain which is equivalent of expiring the whole +chain. + +Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com> +Signed-off-by: Timo Teräs <timo.teras@iki.fi> + +--- +net/xfrm/xfrm_policy.c | 3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 4bf27d9..af1c173 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first, + return 0; + if (xdst->xfrm_genid != dst->xfrm->genid) + return 0; +- if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid)) ++ if (xdst->num_pols > 0 && ++ xdst->policy_genid != atomic_read(&xdst->pols[0]->genid)) + return 0; + + if (strict && fl && |