
Commit 13fcfbb0 authored by David S. Miller

[XFRM]: Fix OOPSes in xfrm_audit_log().



Make sure that this function is called correctly, and
add BUG() checking to ensure the arguments are sane.

Based upon a patch by Joy Latten.

Signed-off-by: David S. Miller <davem@davemloft.net>
parent 9121c777
+6 −5
@@ -2297,16 +2297,17 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
				   &sel, tmp.security, 1);
	security_xfrm_policy_free(&tmp);

	xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
		       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);

	if (xp == NULL)
		return -ENOENT;

	err = 0;
	err = security_xfrm_policy_delete(xp);

	if ((err = security_xfrm_policy_delete(xp)))
	xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
		       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);

	if (err)
		goto out;

	c.seq = hdr->sadb_msg_seq;
	c.pid = hdr->sadb_msg_pid;
	c.event = XFRM_MSG_DELPOLICY;
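Review bot: A delete request that matches no policy now produces no audit record at all, because the `xfrm_audit_log()` call sits after the `if (xp == NULL) return -ENOENT;` early return in pfkey_spddelete; the delete branch of xfrm_get_policy in the third file section has the same shape. That keeps a NULL policy away from the logger, but failed SPD deletions of this kind are no longer visible to anyone reading the audit trail. If the omission is intended, a comment above the early return such as `/* not audited: there is no policy to describe */` would make that explicit; if it is not, the not-found path needs a record that does not depend on `xp`. The function body starts and ends outside the hunk.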
+6 −1
@@ -1997,6 +1997,11 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
	if (audit_enabled == 0)
		return;

	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA ||
		type == AUDIT_MAC_IPSEC_DELSA) && !x);
	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD ||
		type == AUDIT_MAC_IPSEC_DELSPD) && !xp);

	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
	if (audit_buf == NULL)
		return;
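Review bot: The two `BUG_ON()` checks sit below the `audit_enabled == 0` early return, so a caller that passes a NULL state or policy is caught only on systems with auditing switched on, and is caught by halting the kernel rather than by skipping the record. A miscalled logger seems better handled by warning and returning, e.g. `if (WARN_ON((type == AUDIT_MAC_IPSEC_ADDSPD || type == AUDIT_MAC_IPSEC_DELSPD) && !xp)) return;`, placed ahead of the `audit_enabled` test so the contract is enforced in every configuration. A comment above the function stating which of `x` and `xp` must be non-NULL for each audit type would document that contract for future callers. The body of xfrm_audit_log continues outside the hunk.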
+7 −5
@@ -1273,10 +1273,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
		xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
		security_xfrm_policy_free(&tmp);
	}
	if (delete)
		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
			       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);

	if (xp == NULL)
		return -ENOENT;

@@ -1292,8 +1288,14 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
					      MSG_DONTWAIT);
		}
	} else {
		if ((err = security_xfrm_policy_delete(xp)) != 0)
		err = security_xfrm_policy_delete(xp);

		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
			       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);

		if (err != 0)
			goto out;

		c.data.byid = p->index;
		c.event = nlh->nlmsg_type;
		c.seq = nlh->nlmsg_seq;
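Review bot: In the delete branch the record is written with `err ? 0 : 1` after `security_xfrm_policy_delete(xp)`, yet the lookup above is already called with `delete` set (`xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete)`). If that lookup unlinks the policy when `delete` is non-zero (not visible here, inferred from the argument), a denial by the security hook is logged and returned as a failed deletion although the policy is already gone from the table. It is worth confirming the ordering inside xfrm_policy_bysel_ctx and, if that is the case, running the permission check before the removal so the audit result matches the resulting state. pfkey_spddelete in the first file section passes a literal `1` in the same position and would need the same check. xfrm_get_policy starts and ends outside the hunk.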