esp: Fix possible buffer overflow in ESP transformation - linux

diff options

author	Steffen Klassert <steffen.klassert@secunet.com>	2022-03-07 13:11:39 +0100
committer	Steffen Klassert <steffen.klassert@secunet.com>	2022-03-07 13:14:03 +0100
commit	ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (patch)
tree	eaf068b3acda81ceaad0143fed5851d21a5e8bef /include/video
parent	Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0" (diff)
download	linux-ebe48d368e97d007bfeb76fcb065d6cfc4c96645.tar.xz linux-ebe48d368e97d007bfeb76fcb065d6cfc4c96645.zip

esp: Fix possible buffer overflow in ESP transformation

The maximum message size that can be send is bigger than the maximum site that skb_page_frag_refill can allocate. So it is possible to write beyond the allocated buffer. Fix this by doing a fallback to COW in that case. v2: Avoid get get_order() costs as suggested by Linus Torvalds. Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible") Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible") Reported-by: valis <sec@valis.email> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Diffstat (limited to 'include/video')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: