Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 193757c0 authored by Andy Whitcroft's avatar Andy Whitcroft Committed by Gerrit - the friendly Code Review server
Browse files

xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder 



Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
wrapping issues.  To ensure we are correctly ensuring that the two ESN
structures are the same size compare both the overall size as reported
by xfrm_replay_state_esn_len() and the internal length are the same.

CVE-2017-7184
Signed-off-by: default avatarAndy Whitcroft <apw@canonical.com>
Acked-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Change-Id: I035fb0bbb9449fc999d83302c8343b0700316229
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Git-commit: f843ee6dd019bcece3e74e76ad9df0155655d0df
Signed-off-by: default avatarDennis Cagle <d-cagle@codeaurora.org>
parent 8c2a644e
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment