Skip to content

Commit

Permalink
[IPSEC]: Verify key payload in verify_one_algo
Browse files Browse the repository at this point in the history 
We need to verify that the payload contains enough data so that
attach_one_algo can copy alg_key_len bits from the payload.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Herbert Xu authored and David S. Miller committed May 19, 2005
1 parent b9e9dea commit 31c2685
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion net/xfrm/xfrm_user.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,14 +34,21 @@ static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type)
{
struct rtattr *rt = xfrma[type - 1];
struct xfrm_algo *algp;
int len;

if (!rt)
return 0;

if ((rt->rta_len - sizeof(*rt)) < sizeof(*algp))
len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp);
if (len < 0)
return -EINVAL;

algp = RTA_DATA(rt);

len -= (algp->alg_key_len + 7U) / 8;
if (len < 0)
return -EINVAL;

switch (type) {
case XFRMA_ALG_AUTH:
if (!algp->alg_key_len &&
Expand Down

0 comments on commit 31c2685

Please sign in to comment.