path: root/crypto.h
blob: d06da00146c654a1612c5578e947d5ba4d9267b1 (plain)
#ifndef CRYPTO_H
#define CRYPTO_H

#include "crypto_verify_32.h"
#include "crypto_hash_sha512.h"
#include "crypto_box_curve25519xsalsa20poly1305.h"
#include "crypto_scalarmult_curve25519.h"
#include "crypto_auth_hmacsha512256.h"

/*
 * Short, primitive-independent aliases for the NaCl crypto_box primitive
 * curve25519xsalsa20poly1305. Each macro only renames an identifier of that
 * primitive (presumably declared in crypto_box_curve25519xsalsa20poly1305.h,
 * included above); no behaviour is added here. Swapping the primitive means
 * changing the right-hand sides in this one place.
 */

/*
 * Padding lengths of the NaCl box API: the plaintext buffer passed to the
 * box functions must begin with ZEROBYTES zero bytes, and the ciphertext
 * buffer begins with BOXZEROBYTES zero bytes. Callers are responsible for
 * allocating and zeroing these prefixes; the library does not do it.
 */
#define crypto_box_zerobytes		crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
#define crypto_box_boxzerobytes		crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
/*
 * Nonce length in bytes. A nonce must never be used for two different
 * messages under the same key pair; reuse breaks both confidentiality and
 * authentication.
 */
#define crypto_box_noncebytes		crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
/*
 * Length of the precomputed shared key written by crypto_box_beforenm.
 * That buffer is secret key material and should be handled like a secret
 * key (not logged, wiped when no longer needed).
 */
#define crypto_box_beforenmbytes	crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
/* Precomputes the shared key from the peer's public key and our secret key. */
#define crypto_box_beforenm		crypto_box_curve25519xsalsa20poly1305_beforenm
/* Encrypts and authenticates a message using the precomputed shared key. */
#define crypto_box_afternm		crypto_box_curve25519xsalsa20poly1305_afternm
/*
 * Verifies and decrypts a box using the precomputed shared key. The return
 * value must be checked: a non-zero result means authentication failed and
 * the output buffer must not be used.
 */
#define crypto_box_open_afternm		crypto_box_curve25519xsalsa20poly1305_open_afternm
/* Public and secret key lengths in bytes. */
#define crypto_box_pub_key_size		crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
#define crypto_box_sec_key_size		crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES

#endif /* CRYPTO_H */
7db7454dc775423675d075653 (patch) treeca897a9f8aaab617628ab70e887a02b8432e42bf /net/mpls/af_mpls.c parent72dcac96c7f8320caf80dfaa559331174060a1ce (diff)
mpls: fix out-of-bounds access when via address not specified
When a via address isn't specified, the via table is left initialised to 0 (NEIGH_ARP_TABLE), and the via address length also left initialised to 0. This results in a via address array of length 0 being allocated (contiguous with route and nexthop array), meaning that when a packet is sent using neigh_xmit the neighbour lookup and creation will cause an out-of-bounds access when accessing the 4 bytes of the IPv4 address it assumes it has been given a pointer to. This could be fixed by allocating the 4 bytes of via address necessary and leaving it as all zeroes. However, it seems wrong to me to use an ipv4 nexthop (including possibly ARPing for 0.0.0.0) when the user didn't specify to do so. Instead, set the via address table to NEIGH_NR_TABLES to signify it hasn't been specified and use this at forwarding time to signify a neigh_xmit using an L2 address consisting of the device address. This mechanism is the same as that used for both ARP and ND for loopback interfaces and those flagged as no-arp, which are all we can really support in this case. Fixes: cf4b24f0024f ("mpls: reduce memory usage of routes") Signed-off-by: Robert Shearman <rshearma@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/mpls/af_mpls.c')