On Mon, Nov 27, 2017 at 11:15:16AM -0800, Cong Wang wrote: > syzbot reported a kernel warning in xfrm_state_fini(), which > indicates that we have entries left in the list > net->xfrm.state_all whose proto is zero. And > xfrm_id_proto_match() doesn't consider them as a match with > IPSEC_PROTO_ANY in this case. > > Proto with value 0 is probably not a valid value, at least > verify_newsa_info() doesn't consider it valid either. > > This patch fixes it by checking the proto value in > validate_tmpl() and rejecting invalid ones, like what iproute2 > does in xfrm_xfrmproto_getbyname(). > > Reported-by: syzbot <[email protected]> > Cc: Steffen Klassert <[email protected]> > Cc: Herbert Xu <[email protected]> > Signed-off-by: Cong Wang <[email protected]>
Patch applied, thanks!
