From patchwork Wed Mar 31 10:17:04 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Timo Teras X-Patchwork-Id: 49119 X-Patchwork-Delegate: davem@davemloft.net Received: from localhost.localdomain (letku109.adsl.netsonic.fi [194.29.195.109]) by mx.google.com with ESMTPS id 16sm3592282ewy.11.2010.03.31.03.17.25 (version=SSLv3 cipher=RC4-MD5); Wed, 31 Mar 2010 03:17:26
-0700 (PDT) From: Timo Teras To: netdev@vger.kernel.org Cc: Herbert Xu , Timo Teras Subject: [PATCH 2/4] xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler Date: Wed, 31 Mar 2010 13:17:04 +0300 Message-Id: <1270030626-16687-4-git-send-email-timo.teras@iki.fi> X-Mailer: git-send-email 1.6.3.3 In-Reply-To: <1270030626-16687-1-git-send-email-timo.teras@iki.fi> References: <1270030626-16687-1-git-send-email-timo.teras@iki.fi> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add missing check for policy direction verification. This is especially important since without this xfrm_user may end up deleting per-socket policy which is not allowed. Signed-off-by: Timo Teras Acked-by: Herbert Xu --- net/xfrm/xfrm_user.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6106b72..da5ba86 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, if (err) return err; + err = verify_policy_dir(p->dir); + if (err) + return err; + if (p->index) xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err); else {
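Review bot: The new verify_policy_dir(p->dir) call in xfrm_add_pol_expire() carries no comment, and the commit message only says an unchecked direction "may end up deleting per-socket policy" without saying which direction values lead there. A one-line comment above the check, or one more sentence in the commit message explaining why a message-supplied dir must be validated before it reaches the lookup, would help anyone backporting this judge the impact. Placement looks right: the check sits before the if (p->index) test, so p->dir is validated ahead of xfrm_policy_byid() and ahead of the else branch, and both lookup paths are covered. Since the message calls this a missing check, it is worth confirming within the series that every other xfrm_user handler that passes a dir from the netlink message into a policy lookup makes the same call.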