]>
Commit | Line | Data |
---|---|---|
c4e04f43 GKH |
1 | From 19d7df69fdb2636856dc8919de72fc1bf8f79598 Mon Sep 17 00:00:00 2001 |
2 | From: Steffen Klassert <steffen.klassert@secunet.com> | |
3 | Date: Thu, 1 Feb 2018 08:49:23 +0100 | |
4 | Subject: xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems | |
5 | ||
6 | From: Steffen Klassert <steffen.klassert@secunet.com> | |
7 | ||
8 | commit 19d7df69fdb2636856dc8919de72fc1bf8f79598 upstream. | |
9 | ||
10 | We don't have a compat layer for xfrm, so userspace and kernel | |
11 | structures have different sizes in this case. This results in | |
12 | a broken configuration, so refuse to configure socket policies | |
13 | when trying to insert from 32 bit userspace as we do it already | |
14 | with policies inserted via netlink. | |
15 | ||
16 | Reported-and-tested-by: syzbot+e1a1577ca8bcb47b769a@syzkaller.appspotmail.com | |
17 | Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> | |
18 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
19 | ||
20 | --- | |
21 | net/xfrm/xfrm_state.c | 5 +++++ | |
22 | 1 file changed, 5 insertions(+) | |
23 | ||
24 | --- a/net/xfrm/xfrm_state.c | |
25 | +++ b/net/xfrm/xfrm_state.c | |
26 | @@ -2050,6 +2050,11 @@ int xfrm_user_policy(struct sock *sk, in | |
27 | struct xfrm_mgr *km; | |
28 | struct xfrm_policy *pol = NULL; | |
29 | ||
30 | +#ifdef CONFIG_COMPAT | |
31 | + if (in_compat_syscall()) | |
32 | + return -EOPNOTSUPP; | |
33 | +#endif | |
34 | + | |
35 | if (!optval && !optlen) { | |
36 | xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL); | |
37 | xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL); |