On 7/18/2019 5:46 PM, Herbert Xu wrote:
> On Thu, Jul 18, 2019 at 05:43:04PM +0300, Iuliana Prodan wrote:
>> Based on seqiv, IPsec ESP and rfc4543/rfc4106 the assoclen can be 16 or
>> 20 bytes.
>>
>> >From esp4/esp6, assoclen is sizeof IP Header. This includes spi, seq_no
>> and extended seq_no, that is 8 or 12 bytes.
>> In seqiv, to asscolen is added the IV size (8 bytes).
>> Therefore, the assoclen, for rfc4543, should be restricted to 16 or 20
>> bytes, as for rfc4106.
>>
>> Signed-off-by: Iuliana Prodan <[email protected]>
>
> Why does this matter? Is it for the fuzz test?
>
> Cheers,
>
Yes, this is for fuzz testing.
The generic implementation for rfc4543 considers any assoclen valid,
which is not correct.
Regards,
Iulia
On Thu, Jul 18, 2019 at 02:56:35PM +0000, Iuliana Prodan wrote:
>
> Yes, this is for fuzz testing.
> The generic implementation for rfc4543 considers any assoclen valid,
> which is not correct.
So I presume the driver does enforce the limit. Please actually
state that in the commit description for future reference.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On Thu, Jul 18, 2019 at 10:59:07PM +0800, Herbert Xu wrote:
>
> So I presume the driver does enforce the limit. Please actually
> state that in the commit description for future reference.
Also have you looked at whether other drivers would be affected
by this? It wouldn't be so nice if this change makes other drivers
fail the same test as a result.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt