Re: [PATCH] net: xfrm: fix shift-out-of-bounds in xfrm_get_default
From: Steffen Klassert
Date: Fri Sep 10 2021 - 06:00:53 EST
On Thu, Sep 02, 2021 at 10:04:00PM +0300, Pavel Skripkin wrote:
> Syzbot hit shift-out-of-bounds in xfrm_get_default. The problem was in
> missing validation check for user data.
>
> up->dirmask comes from user-space, so we need to check if this value
> is less than XFRM_USERPOLICY_DIRMASK_MAX to avoid shift-out-of-bounds bugs.
>
> Fixes: 2d151d39073a ("xfrm: Add possibility to set the default to block if we have no policy")
> Reported-and-tested-by: syzbot+b2be9dd8ca6f6c73ee2d@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
Applied, thanks Pavel!