Message ID | 1270030626-16687-4-git-send-email-timo.teras@iki.fi |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
On Wed, Mar 31, 2010 at 01:17:04PM +0300, Timo Teras wrote: > Add missing check for policy direction verification. This is > especially important since without this xfrm_user may end up > deleting per-socket policy which is not allowed. > > Signed-off-by: Timo Teras <timo.teras@iki.fi> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Thanks,
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6106b72..da5ba86 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, if (err) return err; + err = verify_policy_dir(p->dir); + if (err) + return err; + if (p->index) xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err); else {
Add missing check for policy direction verification. This is especially important since without this xfrm_user may end up deleting per-socket policy which is not allowed. Signed-off-by: Timo Teras <timo.teras@iki.fi> --- net/xfrm/xfrm_user.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)