From patchwork Thu Jun 26 13:12:45 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tobias Brunner <tobias@strongswan.org>
X-Patchwork-Id: 364541
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 822D21400AB
	for <patchwork-incoming@ozlabs.org>;
	Thu, 26 Jun 2014 23:20:17 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753366AbaFZNUK (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 26 Jun 2014 09:20:10 -0400
Received: from sifsv-80046.hsr.ch ([152.96.80.46]:40913 "EHLO
	mail.strongswan.org" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org
	with ESMTP id S1750851AbaFZNUJ (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 26 Jun 2014 09:20:09 -0400
X-Greylist: delayed 439 seconds by postgrey-1.27 at vger.kernel.org;
	Thu, 26 Jun 2014 09:20:09 EDT
Received: from [192.168.2.100] (pub082136122240.dh-hfc.datazug.ch
	[82.136.122.240])
	by mail.strongswan.org (Postfix) with ESMTPSA id 1E16A4011C;
	Thu, 26 Jun 2014 15:13:18 +0200 (CEST)
Message-ID: <53AC1C4D.3080305@strongswan.org>
Date: Thu, 26 Jun 2014 15:12:45 +0200
From: Tobias Brunner <tobias@strongswan.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Steffen Klassert <steffen.klassert@secunet.com>,
	"David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org, Fan Du <fan.du@windriver.com>,
	Andreas Steffen <andreas.steffen@strongswan.org>
Subject: [PATCH ipsec] xfrm: Fix installation of AH IPsec SAs
X-Enigmail-Version: 1.6
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The SPI check introduced in ea9884b3acf3311c8a11db67bfab21773f6f82ba
was intended for IPComp SAs but actually prevented AH SAs from getting
installed (depending on the SPI).

Fixes: ea9884b3acf3 ("xfrm: check user specified spi for IPComp")
Cc: Fan Du <fan.du@windriver.com>
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
---
 net/xfrm/xfrm_user.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 412d9dc..d4db6eb 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
 		    attrs[XFRMA_ALG_AEAD]	||
 		    attrs[XFRMA_ALG_CRYPT]	||
 		    attrs[XFRMA_ALG_COMP]	||
-		    attrs[XFRMA_TFCPAD]		||
-		    (ntohl(p->id.spi) >= 0x10000))
-
+		    attrs[XFRMA_TFCPAD])
 			goto out;
 		break;
 
@@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
 		    attrs[XFRMA_ALG_AUTH]	||
 		    attrs[XFRMA_ALG_AUTH_TRUNC]	||
 		    attrs[XFRMA_ALG_CRYPT]	||
-		    attrs[XFRMA_TFCPAD])
+		    attrs[XFRMA_TFCPAD]		||
+		    (ntohl(p->id.spi) >= 0x10000))
 			goto out;
 		break;