From e7fb30d0a684f0cd30dbc49735e5f60329f2f880 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 24 Jun 2010 06:50:33 +0000
Subject: main/linux-grsec: new xfrm patch
---
...-policy-existance-before-dereferencing-it.patch | 44 ++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
(limited to 'main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch')
diff --git a/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch b/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
new file mode 100644
index 0000000000..1a962e1610
--- /dev/null
+++ b/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
@@ -0,0 +1,44 @@
+From patchwork Thu Jun 24 05:45:19 2010
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: xfrm: check bundle policy existance before dereferencing it
+Date: Wed, 23 Jun 2010 19:45:19 -0000
+From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?=
+X-Patchwork-Id: 56759
+Message-Id: <1277358319-9868-1-git-send-email-timo.teras@iki.fi>
+To: netdev@vger.kernel.org, "Justin P. Mattock" ,
+ Eric Dumazet ,
+ "John W.Linville" ,
+ Linux Kernel Mailing List ,
+ davem@davemloft.net
+Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?=
+
+Fix the bundle validation code to not assume having a valid policy.
+When we have multiple transformations for a xfrm policy, the bundle
+instance will be a chain of bundles with only the first one having
+the policy reference. When policy_genid is bumped it will expire the
+first bundle in the chain which is equivalent of expiring the whole
+chain.
+
+Reported-bisected-and-tested-by: Justin P. Mattock
+Signed-off-by: Timo Teräs
+
+---
+net/xfrm/xfrm_policy.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 4bf27d9..af1c173 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
+ return 0;
+ if (xdst->xfrm_genid != dst->xfrm->genid)
+ return 0;
+- if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
++ if (xdst->num_pols > 0 &&
++ xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
+ return 0;
+
+ if (strict && fl &&
-- cgit v1.2.3
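Review bot: The new guard `xdst->num_pols > 0 &&` in the embedded xfrm_bundle_ok hunk depends on an invariant that only the patch description states: only the first bundle in a chain holds the policy reference, so `xdst->pols[0]` must not be dereferenced for the later ones. I would record that next to the check with a comment such as `/* only the first bundle in a chain holds policy references */`, so the condition is not later removed as redundant and the NULL dereference reintroduced. The file appears to be taken from a patchwork submission (X-Patchwork-Id 56759) rather than from a merged commit, so it is worth comparing against whatever form is eventually merged upstream before the next kernel refresh. xfrm_bundle_ok starts and ends outside the hunk, so any other uses of `xdst->pols` in it cannot be checked from here.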