代码拉取完成,页面将自动刷新
From 49c20efaa783449dca424cc50e4ee4b2fc5351cc Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 27 Nov 2023 21:15:06 +0100
Subject: [PATCH] xfrm: fix crashes in case of ENOMEM
Conflict:The pre-optimization patch 9e7b5c8 is not integrated. As a result, context adaptation occurs.
Reference:https://github.com/thom311/libnl/commit/49c20efaa783449dca424cc50e4ee4b2fc5351cc
---
lib/xfrm/ae.c | 11 +++++++--
lib/xfrm/sa.c | 64 ++++++++++++++++++++++++++++++++++++++++-----------
lib/xfrm/sp.c | 40 +++++++++++++++++++++++++-------
3 files changed, 91 insertions(+), 24 deletions(-)
diff --git a/lib/xfrm/ae.c b/lib/xfrm/ae.c
index 69c8e7e..44c43ed 100644
--- a/lib/xfrm/ae.c
+++ b/lib/xfrm/ae.c
@@ -506,11 +506,18 @@ int xfrmnl_ae_parse(struct nlmsghdr *n, struct xfrmnl_ae **result)
if (err < 0)
goto errout;
- ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr, sizeof (ae_id->sa_id.daddr));
+ if (!(ae->sa_id.daddr = nl_addr_build(ae_id->sa_id.family, &ae_id->sa_id.daddr,
+ sizeof (ae_id->sa_id.daddr)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
ae->sa_id.family= ae_id->sa_id.family;
ae->sa_id.spi = ntohl(ae_id->sa_id.spi);
ae->sa_id.proto = ae_id->sa_id.proto;
- ae->saddr = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr));
+ if (!(ae->saddr = nl_addr_build(ae_id->sa_id.family, &ae_id->saddr, sizeof (ae_id->saddr)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
ae->reqid = ae_id->reqid;
ae->flags = ae_id->flags;
ae->ce_mask |= (XFRM_AE_ATTR_DADDR | XFRM_AE_ATTR_FAMILY | XFRM_AE_ATTR_SPI |
diff --git a/lib/xfrm/sa.c b/lib/xfrm/sa.c
index 90b6335..ea0d333 100644
--- a/lib/xfrm/sa.c
+++ b/lib/xfrm/sa.c
@@ -718,9 +718,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
goto errout;
if (sa_info->sel.family == AF_INET)
- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4));
+ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a4, sizeof (sa_info->sel.daddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6));
+ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.daddr.a6, sizeof (sa_info->sel.daddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_d);
xfrmnl_sel_set_daddr (sa->sel, addr);
/* Drop the reference count from the above set operation */
@@ -728,9 +734,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
xfrmnl_sel_set_prefixlen_d (sa->sel, sa_info->sel.prefixlen_d);
if (sa_info->sel.family == AF_INET)
- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4));
+ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a4, sizeof (sa_info->sel.saddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6));
+ if (!(addr = nl_addr_build (sa_info->sel.family, &sa_info->sel.saddr.a6, sizeof (sa_info->sel.saddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
nl_addr_set_prefixlen (addr, sa_info->sel.prefixlen_s);
xfrmnl_sel_set_saddr (sa->sel, addr);
/* Drop the reference count from the above set operation */
@@ -748,17 +760,29 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
sa->ce_mask |= XFRM_SA_ATTR_SEL;
if (sa_info->family == AF_INET)
- sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4));
+ if (!(sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a4, sizeof (sa_info->id.daddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6));
+ if (!(sa->id.daddr = nl_addr_build (sa_info->family, &sa_info->id.daddr.a6, sizeof (sa_info->id.daddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
sa->id.spi = ntohl(sa_info->id.spi);
sa->id.proto = sa_info->id.proto;
sa->ce_mask |= (XFRM_SA_ATTR_DADDR | XFRM_SA_ATTR_SPI | XFRM_SA_ATTR_PROTO);
if (sa_info->family == AF_INET)
- sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4));
+ if (!(sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a4, sizeof (sa_info->saddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6));
+ if (!(sa->saddr = nl_addr_build (sa_info->family, &sa_info->saddr.a6, sizeof (sa_info->saddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
sa->ce_mask |= XFRM_SA_ATTR_SADDR;
sa->lft->soft_byte_limit = sa_info->lft.soft_byte_limit;
@@ -866,9 +890,15 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
sa->encap->encap_sport = ntohs(encap->encap_sport);
sa->encap->encap_dport = ntohs(encap->encap_dport);
if (sa_info->family == AF_INET)
- sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4));
+ if (!(sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a4, sizeof (encap->encap_oa.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6));
+ if (!(sa->encap->encap_oa = nl_addr_build (sa_info->family, &encap->encap_oa.a6, sizeof (encap->encap_oa.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
sa->ce_mask |= XFRM_SA_ATTR_ENCAP;
}
@@ -880,13 +910,19 @@ int xfrmnl_sa_parse(struct nlmsghdr *n, struct xfrmnl_sa **result)
if (tb[XFRMA_COADDR]) {
if (sa_info->family == AF_INET)
{
- sa->coaddr = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]),
- sizeof (uint32_t));
+ if (!(sa->coaddr = nl_addr_build(
+ sa_info->family, nla_data(tb[XFRMA_COADDR]), sizeof (uint32_t)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
}
else
{
- sa->coaddr = nl_addr_build(sa_info->family, nla_data(tb[XFRMA_COADDR]),
- sizeof (uint32_t) * 4);
+ if (!(sa->coaddr = nl_addr_build(
+ sa_info->family, nla_data(tb[XFRMA_COADDR]), sizeof (uint32_t) * 4))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
}
sa->ce_mask |= XFRM_SA_ATTR_COADDR;
}
diff --git a/lib/xfrm/sp.c b/lib/xfrm/sp.c
index d3d9778..38002da 100644
--- a/lib/xfrm/sp.c
+++ b/lib/xfrm/sp.c
@@ -558,9 +558,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
}
if (sp_info->sel.family == AF_INET)
- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4));
+ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a4, sizeof (sp_info->sel.daddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6));
+ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.daddr.a6, sizeof (sp_info->sel.daddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_d);
xfrmnl_sel_set_daddr (sp->sel, addr);
/* Drop the reference count from the above set operation */
@@ -568,9 +574,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
xfrmnl_sel_set_prefixlen_d (sp->sel, sp_info->sel.prefixlen_d);
if (sp_info->sel.family == AF_INET)
- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4));
+ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a4, sizeof (sp_info->sel.saddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6));
+ if (!(addr = nl_addr_build (sp_info->sel.family, &sp_info->sel.saddr.a6, sizeof (sp_info->sel.saddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
nl_addr_set_prefixlen (addr, sp_info->sel.prefixlen_s);
xfrmnl_sel_set_saddr (sp->sel, addr);
/* Drop the reference count from the above set operation */
@@ -647,9 +659,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
}
if (tmpl->family == AF_INET)
- addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4));
+ if (!(addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a4, sizeof (tmpl->id.daddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6));
+ if (!(addr = nl_addr_build(tmpl->family, &tmpl->id.daddr.a6, sizeof (tmpl->id.daddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
xfrmnl_user_tmpl_set_daddr (sputmpl, addr);
/* Drop the reference count from the above set operation */
nl_addr_put(addr);
@@ -658,9 +676,15 @@ int xfrmnl_sp_parse(struct nlmsghdr *n, struct xfrmnl_sp **result)
xfrmnl_user_tmpl_set_family (sputmpl, tmpl->family);
if (tmpl->family == AF_INET)
- addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4));
+ if (!(addr = nl_addr_build(tmpl->family, &tmpl->saddr.a4, sizeof (tmpl->saddr.a4)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
else
- addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6));
+ if (!(addr = nl_addr_build(tmpl->family, &tmpl->saddr.a6, sizeof (tmpl->saddr.a6)))) {
+ err = -NLE_NOMEM;
+ goto errout;
+ }
xfrmnl_user_tmpl_set_saddr (sputmpl, addr);
/* Drop the reference count from the above set operation */
nl_addr_put(addr);
--
2.33.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手