git.baikalelectronics.ru Git - kernel.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Fri, 22 Jul 2022 09:16:30 +0000 (11:16 +0200)
committer	David S. Miller <davem@davemloft.net>
	Mon, 25 Jul 2022 10:49:25 +0000 (11:49 +0100)
commit	deba3e8b4fc7110d946f40f486476cb1eb0b9eac
tree	3131d6cf576f7fd5ebd50705e83d8856e6931332	tree \| snapshot
parent	eef13ddd2e9f7372e43a26bb1044c8fc29019afb	commit \| diff

macsec: always read MACSEC_SA_ATTR_PN as a u64

Currently, MACSEC_SA_ATTR_PN is handled inconsistently, sometimes as a
u32, sometimes forced into a u64 without checking the actual length of
the attribute. Instead, we can use nla_get_u64 everywhere, which will
read up to 64 bits into a u64, capped by the actual length of the
attribute coming from userspace.

This fixes several issues:
- the check in validate_add_rxsa doesn't work with 32-bit attributes
- the checks in validate_add_txsa and validate_upd_sa incorrectly
reject X << 32 (with X != 0)

Fixes: bb178617ead6 ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>