[v2] xfrm: Return error on unknown encap_type in init_state

Message ID	20180105111232.GA15350@gondor.apana.org.au
State	Awaiting Upstream, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Date: Fri, 5 Jan 2018 22:12:32 +1100 From: Herbert Xu <herbert@gondor.apana.org.au> To: Steffen Klassert <steffen.klassert@secunet.com> Cc: netdev@vger.kernel.org Subject: [PATCH v2] xfrm: Return error on unknown encap_type in init_state Message-ID: <20180105111232.GA15350@gondor.apana.org.au> References: <20180104112104.GA6437@gondor.apana.org.au> <20180105083247.ce7hu2lmy64fyff5@gauss3.secunet.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180105083247.ce7hu2lmy64fyff5@gauss3.secunet.de> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	[v2] xfrm: Return error on unknown encap_type in init_state \| expand [v2] xfrm: Return error on unknown encap_type in init_state

Message ID

20180105111232.GA15350@gondor.apana.org.au

State

Awaiting Upstream, archived

Delegated to:

David Miller

Headers

Date: Fri, 5 Jan 2018 22:12:32 +1100
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Steffen Klassert <steffen.klassert@secunet.com>
Cc: netdev@vger.kernel.org
Subject: [PATCH v2] xfrm: Return error on unknown encap_type in init_state
Message-ID: <20180105111232.GA15350@gondor.apana.org.au>
References: <20180104112104.GA6437@gondor.apana.org.au>
	<20180105083247.ce7hu2lmy64fyff5@gauss3.secunet.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180105083247.ce7hu2lmy64fyff5@gauss3.secunet.de>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

[v2] xfrm: Return error on unknown encap_type in init_state | expand

Commit Message

Herbert Xu Jan. 5, 2018, 11:12 a.m. UTC

On Fri, Jan 05, 2018 at 09:32:47AM +0100, Steffen Klassert wrote:
>
> Looks like we catch the unknown mode in __xfrm_init_state().
> But in any case, if we want to return -EINVAL on unknown mode,
> we should do it for IPv6 and for IPv4.

OK, how about this one then:

---8<---
Currently esp will happily create an xfrm state with an unknown
encap type for IPv4, without setting the necessary state parameters.
This patch fixes it by returning -EINVAL.

There is a similar problem in IPv6 where if the mode is unknown
we will skip initialisation while returning zero.  However, this
is harmless as the mode has already been checked further up the
stack.  This patch removes this anomaly by aligning the IPv6
behaviour with IPv4 and treating unknown modes (which cannot
actually happen) as transport mode.

Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Comments

Steffen Klassert Jan. 9, 2018, 11:59 a.m. UTC | #1

On Fri, Jan 05, 2018 at 10:12:32PM +1100, Herbert Xu wrote:
> On Fri, Jan 05, 2018 at 09:32:47AM +0100, Steffen Klassert wrote:
> >
> > Looks like we catch the unknown mode in __xfrm_init_state().
> > But in any case, if we want to return -EINVAL on unknown mode,
> > we should do it for IPv6 and for IPv4.
> 
> OK, how about this one then:
> 
> ---8<---
> Currently esp will happily create an xfrm state with an unknown
> encap type for IPv4, without setting the necessary state parameters.
> This patch fixes it by returning -EINVAL.
> 
> There is a similar problem in IPv6 where if the mode is unknown
> we will skip initialisation while returning zero.  However, this
> is harmless as the mode has already been checked further up the
> stack.  This patch removes this anomaly by aligning the IPv6
> behaviour with IPv4 and treating unknown modes (which cannot
> actually happen) as transport mode.
> 
> Fixes: 38320c70d282 ("[IPSEC]: Use crypto_aead and authenc in ESP")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Patch applied, thanks Herbert!

diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index d57aa64..61fe6e4 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -981,6 +981,7 @@  static int esp_init_state(struct xfrm_state *x)
 
 		switch (encap->encap_type) {
 		default:
+			err = -EINVAL;
 			goto error;
 		case UDP_ENCAP_ESPINUDP:
 			x->props.header_len += sizeof(struct udphdr);
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index a902ff8..1a7f00c 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -890,13 +890,12 @@  static int esp6_init_state(struct xfrm_state *x)
 			x->props.header_len += IPV4_BEET_PHMAXLEN +
 					       (sizeof(struct ipv6hdr) - sizeof(struct iphdr));
 		break;
+	default:
 	case XFRM_MODE_TRANSPORT:
 		break;
 	case XFRM_MODE_TUNNEL:
 		x->props.header_len += sizeof(struct ipv6hdr);
 		break;
-	default:
-		goto error;
 	}
 
 	align = ALIGN(crypto_aead_blocksize(aead), 4);