xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to wrapping issues. To ensure we are correctly ensuring that the two ESN structures are the same size compare both the overall size as reported by xfrm_replay_state_esn_len() and the internal length are the same. CVE-2017-7184 Signed-off-by:Andy Whitcroft <apw@canonical.com> Acked-by:
Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> Change-Id: I035fb0bbb9449fc999d83302c8343b0700316229 Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-commit: f843ee6dd019bcece3e74e76ad9df0155655d0df Signed-off-by:
Dennis Cagle <d-cagle@codeaurora.org>
Loading
Please register or sign in to comment