Linux内核xfrm模块SA前缀长度验证缺陷修复

从这个网页截图中，我们可以获取到以下关于漏洞的关键信息： 1. 漏洞描述： - 标题：xfrm: validate new SA's prefixlen using SA family when sel.family is unset - 描述：这个漏洞是关于在xfrm模块中，当sel.family未设置时，验证新SA的prefixlen时的错误。它扩展了在commit 07bf7908950a中引入的验证地址长度的验证。 2. 报告和修复： - 报告者：Syzbot - 修复者：Sabrina Dubroca、Steffen Klassert、Antony Antony、Sasha Levin 3. 修复代码： - 文件：net/xfrm/xfrm_user.c - 代码差异： ```diff @@ -176,6 +176,7 @@ static int verify_newsa_info(struct xfrm_usersa_info p, struct netlink_ext_ack extack) { int err; u16 family = p->sel.family; err = -EINVAL; switch (p->family) { case AF_UNSPEC: break; case AF_INET: break; case AF_INET6: break; case AF_NETLINK: break; case AF_PACKET: break; case AF_BRIDGE: break; case AF_XTP: break; case AF_L2TP: break; case AF_TUNNEL: break; case AF_IPX: break; case AF_APPLETALK: break; case AF_NETROM: break; case AF_RDS: break; case AF_SCTP: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case AF_INET: break; case AF_INET6: break; case

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Linux内核xfrm模块SA前缀长度验证缺陷修复

目标达成感谢每一位支持者 — 我们达成了 100% 目标！