github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-26 08:02:27 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

xfrm: Restrict percpu SA attribute to specific netlink message types

Browse Source 
Reject the usage of XFRMA_SA_PCPU in xfrm netlink messages when
it's not applicable.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Tested-by: Antony Antony <antony.antony@secunet.com>
Tested-by: Tobias Brunner <tobias@strongswan.org>
This commit is contained in:
Steffen Klassert 2024-10-23 12:53:45 +02:00
parent 81a331a0e7
commit 83dfce38c4
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
net/xfrm/xfrm_user.c
View File

@ -3282,6 +3282,20 @@ static int xfrm_reject_unused_attr(int type, struct nlattr **attrs,
}
}
if (attrs[XFRMA_SA_PCPU]) {
switch (type) {
case XFRM_MSG_NEWSA:
case XFRM_MSG_UPDSA:
case XFRM_MSG_ALLOCSPI:
case XFRM_MSG_ACQUIRE:
break;
default:
NL_SET_ERR_MSG(extack, "Invalid attribute SA_PCPU");
return -EINVAL;
}
}
return 0;
}