macsec: fix NULL deref in macsec_add_rxsa

stable inclusion from stable-v5.10.135 commit 54c295a30f000fcb5525c9385144058987356697 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5ZWFM Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54c295a30f000fcb5525c9385144058987356697 -------------------------------- [ Upstream commit f46040ee ] Commit 48ef50fa added a test on tb_sa[MACSEC_SA_ATTR_PN], but nothing guarantees that it's not NULL at this point. The same code was added to macsec_add_txsa, but there it's not a problem because validate_add_txsa checks that the MACSEC_SA_ATTR_PN attribute is present. Note: it's not possible to reproduce with iproute, because iproute doesn't allow creating an SA without specifying the PN. Fixes: 48ef50fa ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)") Link: https://bugzilla.kernel.org/show_bug.cgi?id=208315Reported-by: N Frantisek Sumsal <fsumsal@redhat.com> Signed-off-by: N Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com>

macsec: fix NULL deref in macsec_add_rxsa
stable inclusion from stable-v5.10.135 commit 54c295a30f000fcb5525c9385144058987356697 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5ZWFM Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54c295a30f000fcb5525c9385144058987356697 -------------------------------- [ Upstream commit f46040ee ] Commit 48ef50fa added a test on tb_sa[MACSEC_SA_ATTR_PN], but nothing guarantees that it's not NULL at this point. The same code was added to macsec_add_txsa, but there it's not a problem because validate_add_txsa checks that the MACSEC_SA_ATTR_PN attribute is present. Note: it's not possible to reproduce with iproute, because iproute doesn't allow creating an SA without specifying the PN. Fixes: 48ef50fa ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)") Link: https://bugzilla.kernel.org/show_bug.cgi?id=208315Reported-by: N Frantisek Sumsal <fsumsal@redhat.com> Signed-off-by: N Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: N David S. Miller <davem@davemloft.net> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: N Wei Li <liwei391@huawei.com>
80561e21 · Sabrina Dubroca · Zheng Zengkai · eb72b1cd · 80561e21
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

drivers/net/macsec.c drivers/net/macsec.c +2 -1

未找到文件。
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -1750,7 +1750,8 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
 	}

 	pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN;
-	if (nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
+	if (tb_sa[MACSEC_SA_ATTR_PN] &&
+	    nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len) {
 		pr_notice("macsec: nl: add_rxsa: bad pn length: %d != %d\n",
 			  nla_len(tb_sa[MACSEC_SA_ATTR_PN]), pn_len);
 		rtnl_unlock();