From patchwork Tue Dec 26 06:34:44 2017
X-Patchwork-Submitter: Herbert Xu
X-Patchwork-Id: 852937
X-Patchwork-Delegate: davem@davemloft.net
Date: Tue, 26 Dec 2017 17:34:44 +1100
From: Herbert Xu
To: Steffen Klassert, netdev@vger.kernel.org
Subject: xfrm: Forbid state updates from changing encap type
Message-ID: <20171226063444.GA26819@gondor.apana.org.au>
X-Mailing-List: netdev@vger.kernel.org

Currently we allow state updates to completely replace the contents of x->encap. This is bad because on the user side ESP only sets up header lengths depending on encap_type once when the state is first created. This could result in the header lengths getting out of sync with the actual state configuration.

In practice key managers will never do a state update to change the encapsulation type. Only the port numbers need to be changed as the peer NAT entry is updated.

Therefore this patch adds a check in xfrm_state_update to forbid any changes to the encap_type.

Signed-off-by: Herbert Xu

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 065d896..dc1cdde 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1533,8 +1533,12 @@ int xfrm_state_update(struct xfrm_state *x) err = -EINVAL; spin_lock_bh(&x1->lock); if (likely(x1->km.state == XFRM_STATE_VALID)) { - if (x->encap && x1->encap) + if (x->encap && x1->encap && + x->encap->encap_type == x1->encap->encap_type) memcpy(x1->encap, x->encap, sizeof(*x1->encap)); + else if (x->encap || x1->encap) + goto fail; + if (x->coaddr && x1->coaddr) { memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr)); } @@ -1551,6 +1555,8 @@ int xfrm_state_update(struct xfrm_state *x) x->km.state = XFRM_STATE_DEAD; __xfrm_state_put(x); } + +fail: spin_unlock_bh(&x1->lock); xfrm_state_put(x1);
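Review bot: in the first hunk (@@ -1533,8 +1533,12 @@), the new `else if (x->encap || x1->encap) goto fail;` branch fails the update with -EINVAL (err is set to -EINVAL just above the spin_lock_bh) whenever exactly one of x and x1 carries an encapsulation template, whereas before this hunk such a mismatch was silently ignored and x1->encap left untouched. That is a wider behaviour change than "forbid any changes to the encap_type" in the commit message: a key manager that sends an update without an encapsulation template for an existing UDP-encapsulated SA, or that adds a template to an SA created without one, now has the whole update rejected. If that is the intent, please spell it out in the commit message; if only a type change should be refused, keep the old presence test and check the type inside it, e.g. `if (x->encap && x1->encap) { if (x->encap->encap_type != x1->encap->encap_type) goto fail; memcpy(x1->encap, x->encap, sizeof(*x1->encap)); }`.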
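Review bot: in the second hunk (@@ -1551,6 +1555,8 @@), the `fail:` label sits just before spin_unlock_bh(&x1->lock) and xfrm_state_put(x1), which is right for the only goto that reaches it (taken while x1->lock is held), and err still carries the -EINVAL assigned before the lock. Two points worth a look: the label is placed after the closing brace of the `if (likely(x1->km.state == XFRM_STATE_VALID))` block, so every path, including the successful one, falls through it, which makes the name `fail` misleading; `out:` or `unlock:` would read more honestly. Also, the goto skips `x->km.state = XFRM_STATE_DEAD; __xfrm_state_put(x);`, so on this new error path the caller is left owning x, exactly as on the existing non-VALID path; a one-line comment at the goto saying that x is intentionally not released here would save the next reader the same check.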
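As an added illustration, not part of the patch or of the kernel's own code, the following user-space C model shows the failure mode the commit message describes and the effect of the new check. The SA struct, the encap_tmpl struct, the helper names (sa_create, sa_update_before, sa_update_after, sa_consistent) and the 8-byte base header length are simplified stand-ins and assumptions of this example; the UDP_ENCAP_* values match include/uapi/linux/udp.h, and the per-type additions follow the switch in esp_init_state() in net/ipv4/esp4.c, which adds a struct udphdr for UDP_ENCAP_ESPINUDP and a struct udphdr plus two 32-bit zero words for UDP_ENCAP_ESPINUDP_NON_IKE. The header length is computed once at creation, as the commit message says; the pre-patch merge then lets an update change encap_type underneath it, while the patched merge only lets the ports change.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encapsulation types, values as in include/uapi/linux/udp.h. */
#define UDP_ENCAP_ESPINUDP_NON_IKE 1
#define UDP_ENCAP_ESPINUDP         2

/* Stand-in for struct xfrm_encap_tmpl (assumed layout; only the fields used here). */
struct encap_tmpl {
	uint16_t encap_type;
	uint16_t encap_sport;
	uint16_t encap_dport;
};

/* Stand-in for the parts of struct xfrm_state this example needs. */
struct sa {
	struct encap_tmpl encap_buf; /* backing storage; the kernel kmallocs this */
	struct encap_tmpl *encap;    /* NULL for an SA without UDP encapsulation */
	size_t header_len;           /* like props.header_len: fixed at creation */
};

/* Bytes ESP prepends to the payload for a given template, mirroring the
 * switch in esp_init_state(). The base length is simplified to the 8-byte
 * SPI + sequence number header (assumption). 0 means "unknown type, reject". */
static size_t esp_header_len(const struct encap_tmpl *e)
{
	size_t len = 8;

	if (!e)
		return len;
	switch (e->encap_type) {
	case UDP_ENCAP_ESPINUDP:
		return len + 8;                        /* + struct udphdr */
	case UDP_ENCAP_ESPINUDP_NON_IKE:
		return len + 8 + 2 * sizeof(uint32_t); /* + udphdr + two zero words */
	default:
		return 0;
	}
}

/* Create an SA. As in the kernel, header_len is derived from encap_type
 * exactly once, here, and never recomputed on a later update. */
static int sa_create(struct sa *x, const struct encap_tmpl *e)
{
	memset(x, 0, sizeof(*x));
	if (e) {
		x->encap_buf = *e;
		x->encap = &x->encap_buf;
	}
	x->header_len = esp_header_len(x->encap);
	return x->header_len ? 0 : -EINVAL;
}

/* Merge logic before the patch: the update's template replaces x1->encap wholesale. */
static int sa_update_before(struct sa *x1, const struct sa *x)
{
	if (x->encap && x1->encap)
		memcpy(x1->encap, x->encap, sizeof(*x1->encap));
	return 0;
}

/* Merge logic after the patch: same encap_type required, so only the ports may
 * change; a template present on one side only is rejected as well. */
static int sa_update_after(struct sa *x1, const struct sa *x)
{
	if (x->encap && x1->encap &&
	    x->encap->encap_type == x1->encap->encap_type)
		memcpy(x1->encap, x->encap, sizeof(*x1->encap));
	else if (x->encap || x1->encap)
		return -EINVAL;
	return 0;
}

/* True when the header length fixed at creation still matches the live template. */
static int sa_consistent(const struct sa *x)
{
	return x->header_len == esp_header_len(x->encap);
}

int main(void)
{
	/* Constructed sample templates: an IKE-style NAT-T SA and a NON-IKE one. */
	struct encap_tmpl ike = { UDP_ENCAP_ESPINUDP, 4500, 4500 };
	struct encap_tmpl nonike = { UDP_ENCAP_ESPINUDP_NON_IKE, 4500, 4500 };
	struct sa x1, x;

	sa_create(&x1, &ike);
	sa_create(&x, &nonike);
	sa_update_before(&x1, &x);
	printf("before patch: encap_type changed, header_len consistent = %d\n",
	       sa_consistent(&x1));

	sa_create(&x1, &ike);
	printf("after patch: type change returns %d, header_len consistent = %d\n",
	       sa_update_after(&x1, &x), sa_consistent(&x1));
	return 0;
}
```

Build with `cc -Wall -o encap_model encap_model.c` and run it. sa_update_before leaves an SA whose header_len was sized for ESPINUDP while its template now says ESPINUDP_NON_IKE, which is the out-of-sync state the commit message warns about; sa_update_after returns -EINVAL for that case and for a template present on one side only, and accepts a port-only change.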