UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
xfrm_xlate32() translates 64-bit message provided by kernel to be sent for 32-bit listener (acknowledge or monitor). Translator code doesn't expect XFRMA_UNSPEC attribute as it doesn't know its payload. Kernel never attaches such attribute, but a user can. I've searched if any opensource does it and the answer is no. Nothing on github and google finds only tfcproject that has such code commented-out. What will happen if a user sends a netlink message with XFRMA_UNSPEC attribute? Ipsec code ignores this attribute. But if there is a monitor-process or 32-bit user requested ack - kernel will try to translate such message and will hit WARN_ONCE() in xfrm_xlate64_attr(). Deal with XFRMA_UNSPEC by copying the attribute payload with xfrm_nla_cpy(). In result, the default switch-case in xfrm_xlate64_attr() becomes an unused code. Leave those 3 lines in case a new xfrm attribute will be added. Fixes: 5461fc0c ("xfrm/compat: Add 64=>32-bit messages translator") Reported-by:<syzbot+a7e701c8385bd8543074@syzkaller.appspotmail.com> Signed-off-by:
Dmitry Safonov <dima@arista.com> Signed-off-by:
Steffen Klassert <steffen.klassert@secunet.com> (cherry picked from commit dbd7ae51) Bug: 187129171 Signed-off-by:
Connor O'Brien <connoro@google.com> Change-Id: I373d781e9b0056f7a5f4500d8f7a046f5215a2d8
Loading
Please sign in to comment