review.tizen.org Git - platform/kernel/linux-rpi.git/commit

af_key: Fix send_acquire race with pfkey_register

[ Upstream commit 7f57f8165cb6d2c206e2b9ada53b9e2d6d8af42f ]

The function pfkey_send_acquire may race with pfkey_register
(which could even be in a different name space). This may result
in a buffer overrun.

Allocating the maximum amount of memory that could be used prevents
this.

Reported-by: syzbot+1e9af9185d8850e2c2fa@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Herbert Xu <herbert@gondor.apana.org.au>
	Tue, 25 Oct 2022 06:06:48 +0000 (14:06 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 2 Dec 2022 16:41:02 +0000 (17:41 +0100)
commit	8fe533c0f909986763d43a8f3089fca1efe2af6e
tree	7cc05aafcece32010f897b5d86dd697c738406fd	tree \| snapshot
parent	0c69a4658e94d3d66b96c5c181ff32698c974a3b	commit \| diff