On Tue, Jul 21, 2020 at 06:23:54AM -0700, Mark Salyzyn wrote: > In pfkey_dump() dplen and splen can both be specified to access the > xfrm_address_t structure out of bounds in__xfrm_state_filter_match() > when it calls addr_match() with the indexes. Return EINVAL if either > are out of range. > > Signed-off-by: Mark Salyzyn <saly...@android.com> > Cc: netdev@vger.kernel.org > Cc: linux-ker...@vger.kernel.org > Cc: kernel-t...@android.com > --- > Should be back ported to the stable queues because this is a out of > bounds access.
Please do a v2 and add a proper 'Fixes' tag if this is a fix that needs to be backported. Thanks!
