xfrm_user: uncoditionally validate esn replay attribute struct
The sanity test added in
c1dce08f4205a can be bypassed, validation
only occurs if XFRM_STATE_ESN flag is set, but rest of code doesn't care
and just checks if the attribute itself is present.
So always validate. Alternative is to reject if we have the attribute
without the flag but that would change abi.
Reported-by: syzbot+0ab777c27d2bb7588f73@syzkaller.appspotmail.com
Cc: Mathias Krause <minipli@googlemail.com>
Fixes: c1dce08f4205a ("xfrm_user: ensure user supplied esn replay window is valid")
Fixes: 9e6c072da8f5c ("xfrm: Add user interface for esn and big anti-replay windows")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
projects / kernel.git / commit