Re: [PATCH net v2] net: af_key: initialize alg_key_len for IPComp states
From: Steffen Klassert
Date: Tue Jun 16 2026 - 02:02:03 EST

On Mon, Jun 08, 2026 at 06:03:42PM +0200, Sabrina Dubroca wrote:
> note: fixes for IPsec should go to the "ipsec" tree, not net
>
> 2026-06-08, 07:44:41 -0700, Zijing Yin wrote:
> > pfkey_msg2xfrm_state() handles the IPComp (SADB_X_SATYPE_IPCOMP) case by
> > allocating x->calg and copying only the algorithm name:
> >
> >     x->calg = kmalloc_obj(*x->calg);
> >     if (!x->calg) {
> >         err = -ENOMEM;
> >         goto out;
> >     }
> >     strcpy(x->calg->alg_name, a->name);
> >     x->props.calgo = sa->sadb_sa_encrypt;
> >
> > Unlike the authentication (x->aalg) and encryption (x->ealg) branches of
> > the same function, the compression branch never initializes
> > calg->alg_key_len. IPComp carries no key and the allocation only
> > reserves sizeof(struct xfrm_algo) (i.e. no room for a key), so the field
> > is left containing uninitialized slab data.
> >
> > calg->alg_key_len is later used as a length by xfrm_algo_clone() when an
> > IPComp state is cloned during XFRM_MSG_MIGRATE:
>
> The patch looks correct, but do we want to start fixing random bugs in
> code that we're trying to get rid of and that nobody actually uses?
>
> If we do, then:
> Reviewed-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>

As long as we have the code in the repo, we do.

Applied, thanks everyone!
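
The bug class described in the quoted commit message, as an added userspace model that is not part of the thread or the kernel source: a keyless algorithm struct whose length field is left as stale heap data, and how many bytes a length-driven clone would then read past the allocation. All `model_*` names, the 0xA5 poison fill, the length rule (header plus key bits rounded up to bytes) and the fix of setting the field to 0 are assumptions; the patch body itself is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, not kernel code; all model_* names are hypothetical. */
struct model_algo {
    char alg_name[64];
    unsigned int alg_key_len;   /* key length in bits */
    char alg_key[];             /* keyless for IPComp: no room reserved */
};

/* Bytes a clone copies: header plus key bits rounded up to bytes
 * (length rule assumed for this model). */
size_t model_alg_len(const struct model_algo *a)
{
    return sizeof(*a) + ((size_t)a->alg_key_len + 7) / 8;
}

/* Allocate a keyless algo from memory pre-filled with 0xA5, standing in
 * for stale slab contents (constructed input). */
struct model_algo *model_alloc_comp(const char *name, int init_key_len)
{
    struct model_algo *a = malloc(sizeof(*a));
    if (!a)
        return NULL;
    memset(a, 0xA5, sizeof(*a));
    snprintf(a->alg_name, sizeof(a->alg_name), "%s", name);
    if (init_key_len)
        a->alg_key_len = 0;     /* assumed fix: IPComp carries no key */
    return a;
}

/* Bytes a length-driven clone would read past the real allocation. */
size_t model_clone_overread(int init_key_len)
{
    struct model_algo *a = model_alloc_comp("deflate", init_key_len);
    size_t over;
    if (!a)
        return (size_t)-1;
    over = model_alg_len(a) - sizeof(*a);
    free(a);
    return over;
}

int main(void)
{
    printf("uninit: %zu, init: %zu bytes past the allocation\n",
           model_clone_overread(0), model_clone_overread(1));
    return 0;
}
```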