michael/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xfrm: prevent high SEQ input in non-ESN mode

Browse Source 
[ Upstream commit e3aa43a50a ]

In non-ESN mode, the SEQ numbers are limited to 32 bits and seq_hi/oseq_hi
are not used. So make sure that user gets proper error message, in case
such assignment occurred.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Leon Romanovsky
2025-02-05 20:27:49 +02:00
committed by Greg Kroah-Hartman
parent d2bae2c3b7
commit 65d7c70867
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
net/xfrm/xfrm_user.c
View File

@@ -178,6 +178,12 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
"Replay seq and seq_hi should be 0 for output SA");
return -EINVAL;
}
if (rs->oseq_hi && !(p->flags & XFRM_STATE_ESN)) {
NL_SET_ERR_MSG(
extack,
"Replay oseq_hi should be 0 in non-ESN mode for output SA");
return -EINVAL;
}
if (rs->bmp_len) {
NL_SET_ERR_MSG(extack, "Replay bmp_len should 0 for output SA");
return -EINVAL;
@@ -190,6 +196,12 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
"Replay oseq and oseq_hi should be 0 for input SA");
return -EINVAL;
}
if (rs->seq_hi && !(p->flags & XFRM_STATE_ESN)) {
NL_SET_ERR_MSG(
extack,
"Replay seq_hi should be 0 in non-ESN mode for input SA");
return -EINVAL;
}
}
return 0;