diff options
author | David P <megver83@parabola.nu> | 2018-01-05 23:42:45 -0300 |
---|---|---|
committer | David P <megver83@parabola.nu> | 2018-01-05 23:42:45 -0300 |
commit | dba7d654b0f3fc1cf9a749467464016fc7b2b13b (patch) | |
tree | d2f421d6c6d4e15ac65a2ef80d6c2d0365573900 /libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | |
parent | ea466373788409c3db888022adc1fff3c63a8d79 (diff) | |
download | abslibre-dba7d654b0f3fc1cf9a749467464016fc7b2b13b.tar.gz abslibre-dba7d654b0f3fc1cf9a749467464016fc7b2b13b.tar.bz2 abslibre-dba7d654b0f3fc1cf9a749467464016fc7b2b13b.zip |
libre/linux-libre: add Arch Linux security patches and fix objtool issue
Diffstat (limited to 'libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch')
-rw-r--r-- | libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch new file mode 100644 index 000000000..4dca618a8 --- /dev/null +++ b/libre/linux-libre/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch @@ -0,0 +1,74 @@ +From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001 +Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com> +In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Wed, 15 Nov 2017 06:40:57 +0100 +Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in + xfrm_state_find." + +This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. + +This commit breaks transport mode when the policy template +has widlcard addresses configured, so revert it. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 2a6093840e7e856e..6bc16bb61b5533ef 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, + struct net *net = xp_net(policy); + int nx; + int i, error; ++ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); ++ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); + xfrm_address_t tmp; + + for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { + struct xfrm_state *x; +- xfrm_address_t *local; +- xfrm_address_t *remote; ++ xfrm_address_t *remote = daddr; ++ xfrm_address_t *local = saddr; + struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; + +- remote = &tmpl->id.daddr; +- local = &tmpl->saddr; +- if (xfrm_addr_any(local, tmpl->encap_family)) { +- error = xfrm_get_saddr(net, fl->flowi_oif, +- &tmp, remote, +- tmpl->encap_family, 0); +- if (error) +- goto fail; +- local = &tmp; ++ if (tmpl->mode == XFRM_MODE_TUNNEL || ++ tmpl->mode == XFRM_MODE_BEET) { ++ remote = &tmpl->id.daddr; ++ local = &tmpl->saddr; ++ if (xfrm_addr_any(local, tmpl->encap_family)) { ++ error = xfrm_get_saddr(net, fl->flowi_oif, ++ &tmp, remote, ++ tmpl->encap_family, 0); ++ if (error) ++ goto fail; ++ local = &tmp; ++ } + } + + x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); + + if (x && x->km.state == XFRM_STATE_VALID) { + xfrm[nx++] = x; ++ daddr = remote; ++ saddr = local; + continue; + } + if (x) { +-- +2.15.1 + |