aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2011-09-20 23:38:58 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2011-10-03 11:40:55 -0700
commit23b576bfe4a6056afb6bca3cd1cb96581f4cb19d (patch)
treea59620d86b35fa1cddf5490a0a23a50f862bd324 /net
parentb082a5631a746b494553f7c72b387cb625a1674a (diff)
downloadkernel_samsung_aries-23b576bfe4a6056afb6bca3cd1cb96581f4cb19d.zip
kernel_samsung_aries-23b576bfe4a6056afb6bca3cd1cb96581f4cb19d.tar.gz
kernel_samsung_aries-23b576bfe4a6056afb6bca3cd1cb96581f4cb19d.tar.bz2
xfrm: Perform a replay check after return from async codepaths
[ Upstream commit bcf66bf54aabffc150acd1c99e0f4bc51935eada ] When asyncronous crypto algorithms are used, there might be many packets that passed the xfrm replay check, but the replay advance function is not called yet for these packets. So the replay check function would accept a replay of all of these packets. Also the system might crash if there are more packets in async processing than the size of the anti replay window, because the replay advance function would try to update the replay window beyond the bounds. This pach adds a second replay check after resuming from the async processing to fix these issues. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net')
-rw-r--r--net/xfrm/xfrm_input.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index a026b0e..54a0dc2 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -212,6 +212,11 @@ resume:
/* only the first xfrm gets the encap type */
encap_type = 0;
+ if (async && x->repl->check(x, skb, seq)) {
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
+ goto drop_unlock;
+ }
+
x->repl->advance(x, seq);
x->curlft.bytes += skb->len;