Commit bcf66bf54aabffc150acd1c99e0f4bc51935eada

Authored by Steffen Klassert
Committed by David S. Miller
1 parent 561dac2d41

xfrm: Perform a replay check after return from async codepaths

When asyncronous crypto algorithms are used, there might be many
packets that passed the xfrm replay check, but the replay advance
function is not called yet for these packets. So the replay check
function would accept a replay of all of these packets. Also the
system might crash if there are more packets in async processing
than the size of the anti replay window, because the replay advance
function would try to update the replay window beyond the bounds.

This pach adds a second replay check after resuming from the async
processing to fix these issues.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 5 additions and 0 deletions Side-by-side Diff

net/xfrm/xfrm_input.c
... ... @@ -212,6 +212,11 @@
212 212 /* only the first xfrm gets the encap type */
213 213 encap_type = 0;
214 214  
  215 + if (async && x->repl->check(x, skb, seq)) {
  216 + XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
  217 + goto drop_unlock;
  218 + }
  219 +
215 220 x->repl->advance(x, seq);
216 221  
217 222 x->curlft.bytes += skb->len;