Google Git
Sign in
android / kernel / msm.git / 2337d793bbe91ca875813ace30fa37385f6e78d9
commit2337d793bbe91ca875813ace30fa37385f6e78d9[log] [tgz]
authorAndy Whitcroft <apw@canonical.com>Thu Mar 23 07:45:44 2017 +0000
committeredwardcw_lin <Edwardcw_Lin@compal.com>Wed Apr 26 11:51:24 2017 +0800
tree9ff6f97f0f7042d56a0388673afd344390d28de7
parent3a6b11559f2e70b070e7e2aa84b9c46c25749bea [diff]
xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder

Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
wrapping issues.  To ensure we are correctly ensuring that the two ESN
structures are the same size compare both the overall size as reported
by xfrm_replay_state_esn_len() and the internal length are the same.

CVE-2017-7184
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Change-Id: I5e82169063dadb1577f81da0a4e750d11b6aa045
1 file changed
tree: 9ff6f97f0f7042d56a0388673afd344390d28de7
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. linaro/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .gitignore
  25. .mailmap
  26. AndroidKernel.mk
  27. build.config
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS