diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2017-10-19 20:51:10 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-11-02 09:49:15 +0100 |
commit | 543aabb7d14b2414f40b632e37b0921bd0af3a96 (patch) | |
tree | 61ea9fbc570162902ff0cae3118d2ef79d1240d5 /lib/lz4/Makefile | |
parent | bb46f793ad02d13e678538d204a40f77a5fa2cd2 (diff) | |
download | linux-stable-543aabb7d14b2414f40b632e37b0921bd0af3a96.tar.gz linux-stable-543aabb7d14b2414f40b632e37b0921bd0af3a96.tar.bz2 linux-stable-543aabb7d14b2414f40b632e37b0921bd0af3a96.zip |
ipsec: Fix aborted xfrm policy dump crash
commit 1137b5e2529a8f5ca8ee709288ecba3e68044df2 upstream.
An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.
The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash. This can be
triggered if a dump fails because the target socket's receive
buffer is full.
This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.
Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/lz4/Makefile')
0 files changed, 0 insertions, 0 deletions