Message ID | 53AC1C4D.3080305@strongswan.org |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
On Thu, Jun 26, 2014 at 03:12:45PM +0200, Tobias Brunner wrote: > The SPI check introduced in ea9884b3acf3311c8a11db67bfab21773f6f82ba > was intended for IPComp SAs but actually prevented AH SAs from getting > installed (depending on the SPI). Yes, this patch was apparently wrong. > > Fixes: ea9884b3acf3 ("xfrm: check user specified spi for IPComp") > Cc: Fan Du <fan.du@windriver.com> > Signed-off-by: Tobias Brunner <tobias@strongswan.org> Applied to the ipsec tree, thanks a lot Tobias! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 412d9dc..d4db6eb 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AEAD] || attrs[XFRMA_ALG_CRYPT] || attrs[XFRMA_ALG_COMP] || - attrs[XFRMA_TFCPAD] || - (ntohl(p->id.spi) >= 0x10000)) - + attrs[XFRMA_TFCPAD]) goto out; break; @@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AUTH] || attrs[XFRMA_ALG_AUTH_TRUNC] || attrs[XFRMA_ALG_CRYPT] || - attrs[XFRMA_TFCPAD]) + attrs[XFRMA_TFCPAD] || + (ntohl(p->id.spi) >= 0x10000)) goto out; break;
The SPI check introduced in ea9884b3acf3311c8a11db67bfab21773f6f82ba was intended for IPComp SAs but actually prevented AH SAs from getting installed (depending on the SPI). Fixes: ea9884b3acf3 ("xfrm: check user specified spi for IPComp") Cc: Fan Du <fan.du@windriver.com> Signed-off-by: Tobias Brunner <tobias@strongswan.org> --- net/xfrm/xfrm_user.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)