github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
a6777a7cee
linux/net/tipc
History
Xin Long 4951ffa3fa tipc: do not write skb_shinfo frags when doing decrytion 
[ Upstream commit 3cf4375a09 ]

One skb's skb_shinfo frags are not writable, and they can be shared with
other skbs' like by pskb_copy(). To write the frags may cause other skb's
data crash.

So before doing en/decryption, skb_cow_data() should always be called for
a cloned or nonlinear skb if req dst is using the same sg as req src.
While at it, the likely branch can be removed, as it will be covered
by skb_cow_data().

Note that esp_input() has the same issue, and I will fix it in another
patch. tipc_aead_encrypt() doesn't have this issue, as it only processes
linear data in the unlikely branch.

Fixes: fc1b6d6de2 ("tipc: introduce TIPC encryption & authentication")
Reported-by: Shuang Li <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-08-04 12:46:43 +02:00
..
addr.c
addr.h
bcast.c net: tipc: fix FB_MTU eat two pages 2021-07-14 16:56:32 +02:00
bcast.h tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
bearer.c tipc: fix unique bearer names sanity check 2021-06-10 13:39:22 +02:00
bearer.h
core.c tipc: wait and exit until all work queues are done 2021-06-03 09:00:37 +02:00
core.h tipc: wait and exit until all work queues are done 2021-06-03 09:00:37 +02:00
crypto.c tipc: do not write skb_shinfo frags when doing decrytion 2021-08-04 12:46:43 +02:00
crypto.h tipc: add automatic rekeying for encryption key 2020-09-18 13:58:37 -07:00
diag.c
discover.c net: tipc: kerneldoc fixes 2020-07-13 17:20:40 -07:00
discover.h
eth_media.c tipc: Use is_broadcast_ether_addr() instead of memcmp() 2020-08-03 16:21:46 -07:00
group.c tipc: Fix memory leak in tipc_group_create_member() 2020-09-14 16:36:20 -07:00
group.h
ib_media.c
Kconfig tipc: not enable tipc when ipv6 works as a module 2020-08-16 21:04:55 -07:00
link.c tipc: fix NULL deref in tipc_link_xmit() 2021-01-23 16:04:00 +01:00
link.h tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
Makefile
monitor.c
monitor.h
msg.c net: tipc: fix FB_MTU eat two pages 2021-07-14 16:56:32 +02:00
msg.h net: tipc: fix FB_MTU eat two pages 2021-07-14 16:56:32 +02:00
name_distr.c tipc: fix NULL pointer dereference in tipc_named_rcv 2020-10-09 18:29:06 -07:00
name_distr.h tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
name_table.c tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
name_table.h tipc: update a binding service via broadcast 2020-06-17 08:53:34 -07:00
net.c tipc: fix a deadlock when flushing scheduled work 2020-09-07 12:08:53 -07:00
net.h tipc: fix a deadlock when flushing scheduled work 2020-09-07 12:08:53 -07:00
netlink_compat.c tipc: convert dest node's address to network order 2021-05-19 10:12:52 +02:00
netlink.c tipc: add automatic rekeying for encryption key 2020-09-18 13:58:37 -07:00
netlink.h
node.c tipc: better validate user input in tipc_nl_retrieve_key() 2021-03-30 14:31:59 +02:00
node.h tipc: add automatic session key exchange 2020-09-18 13:58:37 -07:00
socket.c tipc: fix sleeping in tipc accept routine 2021-08-04 12:46:42 +02:00
socket.h tipc: call tsk_set_importance from tipc_topsrv_create_listener 2020-05-28 11:11:46 -07:00
subscr.c
subscr.h tipc: fix failed service subscription deletion 2020-05-13 12:33:19 -07:00
sysctl.c tipc: add automatic session key exchange 2020-09-18 13:58:37 -07:00
topsrv.c tipc: fix memory leak in tipc_topsrv_start() 2020-11-11 14:39:23 -08:00
topsrv.h
trace.c
trace.h tipc: add support for broadcast rcv stats dumping 2020-05-26 15:16:52 -07:00
udp_media.c tipc: wait and exit until all work queues are done 2021-06-03 09:00:37 +02:00
udp_media.h