summaryrefslogtreecommitdiff
path: root/net/ipv4/xfrm4_policy.c
diff options
context:
space:
mode:
authorVladis Dronov <vdronov@redhat.com>2017-09-13 01:21:21 +0300
committerJohannes Berg <johannes.berg@intel.com>2017-09-15 10:15:14 +0300
commite785fa0a164aa11001cba931367c7f94ffaff888 (patch)
treed64e0f5109be36bb948ceae6cea57b0851423293 /net/ipv4/xfrm4_policy.c
parent126f760ca94dae77425695f9f9238b731de86e32 (diff)
downloadlinux-e785fa0a164aa11001cba931367c7f94ffaff888.tar.xz
nl80211: check for the required netlink attributes presence
nl80211_set_rekey_data() does not check if the required attributes NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attributes presence. This patch is based on the patch by bo Zhang. This fixes CVE-2017-12153. References: https://bugzilla.redhat.com/show_bug.cgi?id=1491046 Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload") Cc: <stable@vger.kernel.org> # v3.1-rc1 Reported-by: bo Zhang <zhangbo5891001@gmail.com> Signed-off-by: Vladis Dronov <vdronov@redhat.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net/ipv4/xfrm4_policy.c')
0 files changed, 0 insertions, 0 deletions