git.ipfire.org Git - thirdparty/xtables-addons.git/commit

author	Jan Engelhardt <jengelh@inai.de>
	Sat, 30 Dec 2023 17:47:05 +0000 (18:47 +0100)
committer	Jan Engelhardt <jengelh@inai.de>
	Sat, 30 Dec 2023 17:49:55 +0000 (18:49 +0100)
commit	a5b9baeee87c17ec79113cb51e4316e6ce468253
tree	463c58c29d9fb4f41400f2e2472aa351fe934937	tree
parent	d28e28ce83339e17b8b70cc65a2336db7faf42bf	commit \| diff

xt_pknock: update for shash API

Bug report states:

``crypto.desc`` is used to hold the ``hmac(sha256)`` transform such
that it can be fed to ``crypto_shash_update`` et al. It seems that
those functions require extra memory after the ``shash_desc``. With
the current layout, usage of ``&crypto.desc`` with the
``crypto_shash_*`` functions causes memory corruption which most
often crashes in netfilter after the pknock match filter has
returned.

By removing ``crypto.desc`` and instead using ``SHASH_DESC_ON_STACK``
within ``has_secret``, the issue can be avoided. See other
SHASH_DESC_ON_STACK uses elsewhere in the kernel source.

Additionally, ``crypto_shash_init`` needs to be called before the
first ``crypto_shash_update``.

Fixes: v2.10-7-g7af1b97