diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2017-10-19 20:51:10 +0800 |
|---|---|---|
| committer | Todd Kjos <tkjos@google.com> | 2018-02-14 09:33:04 -0800 |
| commit | 1df72c9f0f61304437f4f1037df03b5fb36d5a79 (patch) | |
| tree | a02a085e5450fd138b53f259f482d91d0fc0886d /tools/perf/scripts/python/syscall-counts.py | |
| parent | c81cfed87e8f9a94a995a8b8275f3795f2a9594e (diff) | |
ipsec: Fix aborted xfrm policy dump crash
An independent security researcher, Mohamed Ghannam, has reported
this vulnerability to Beyond Security's SecuriTeam Secure Disclosure
program.
The xfrm_dump_policy_done function expects xfrm_dump_policy to
have been called at least once or it will crash. This can be
triggered if a dump fails because the target socket's receive
buffer is full.
This patch fixes it by using the cb->start mechanism to ensure that
the initialisation is always done regardless of the buffer situation.
Change-Id: Id41cdd41c4e43e0c3ac30c5d03c15b8046d70845
Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'tools/perf/scripts/python/syscall-counts.py')
0 files changed, 0 insertions, 0 deletions