Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/net/xfrm
History
Vladis Dronov 84655b5f70 xfrm: policy: check policy direction value 
The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
as an array index. This can lead to an out-of-bound access, kernel lockup and
DoS. Add a check for the 'dir' value.

This fixes CVE-2017-11600.

Change-Id: Ic55eec5b4767ad1bd8328b382c35f7b213abc38d
References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928
Fixes: 80c9abaabf ("[XFRM]: Extension for dynamic update of endpoint address(es)")
Cc: <stable@vger.kernel.org> # v2.6.21-rc1
Reported-by: "bo Zhang" <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2018-02-16 20:15:07 -07:00
..
Kconfig
Makefile
xfrm_algo.c
xfrm_hash.c
xfrm_hash.h
xfrm_input.c xfrm: Workaround incompatibility of ESN and async crypto 2012-10-13 05:38:40 +09:00
xfrm_ipcomp.c
xfrm_output.c net: make skb_gso_segment error handling more robust 2015-06-19 11:40:33 +08:00
xfrm_policy.c xfrm: policy: check policy direction value 2018-02-16 20:15:07 -07:00
xfrm_proc.c
xfrm_replay.c xfrm: Workaround incompatibility of ESN and async crypto 2012-10-13 05:38:40 +09:00
xfrm_state.c
xfrm_sysctl.c
xfrm_user.c Merge remote-tracking branch 'stable/linux-3.4.y' into lineage-15.1 2017-12-27 17:13:15 +03:00