git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Fri, 22 Jul 2022 09:16:30 +0000 (11:16 +0200)
committer	Stefan Bader <stefan.bader@canonical.com>
	Fri, 16 Sep 2022 08:53:44 +0000 (10:53 +0200)
commit	76208d8a36a8967d07b925cf4678128650cd1d15
tree	30e8c68a2b1e25739bb18c5c12c1bfca0b9cebdc	tree
parent	0b52e10a8ba8102c25cf570f7c5f817a16cde0d7	commit \| diff

macsec: always read MACSEC_SA_ATTR_PN as a u64

BugLink: https://bugs.launchpad.net/bugs/1989218
[ Upstream commit c630d1fe6219769049c87d1a6a0e9a6de55328a1 ]

Currently, MACSEC_SA_ATTR_PN is handled inconsistently, sometimes as a
u32, sometimes forced into a u64 without checking the actual length of
the attribute. Instead, we can use nla_get_u64 everywhere, which will
read up to 64 bits into a u64, capped by the actual length of the
attribute coming from userspace.

This fixes several issues:
- the check in validate_add_rxsa doesn't work with 32-bit attributes
- the checks in validate_add_txsa and validate_upd_sa incorrectly
reject X << 32 (with X != 0)

Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>