Unverified Commit 276d5fca authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!2666 net: xfrm: Fix xfrm_address_filter OOB read 

Merge Pull Request from: @ci-robot 
 
PR sync from: Dong Chenchen <dongchenchen2@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/DXG36VR6JJH3TM6TK357FK5XACV3XZXH/ 
 
https://gitee.com/src-openeuler/kernel/issues/I85DZ6 
 
Link:https://gitee.com/openeuler/kernel/pulls/2666

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents d8da829a 879c82e7

net/xfrm/xfrm_user.c

+9 −0
Original line number Diff line number Diff line
@@ -1049,6 +1049,15 @@ static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 
					 sizeof(*filter), GFP_KERNEL);

			if (filter == NULL)

				return -ENOMEM;



			/* see addr_match(), (prefix length >> 5) << 2

			 * will be used to compare xfrm_address_t

			 */

			if (filter->splen > (sizeof(xfrm_address_t) << 3) ||

			    filter->dplen > (sizeof(xfrm_address_t) << 3)) {

				kfree(filter);

				return -EINVAL;

			}

		}



		if (attrs[XFRMA_PROTO])