From 6c594eff442253906ddc464cf01da1494a115451 Mon Sep 17 00:00:00 2001
From: Paul Moore
Date: Fri, 1 Jun 2012 05:54:56 +0000
Subject: [PATCH] --- yaml --- r: 310411 b: refs/heads/master c: 20e2a86485967c385d7c7befc1646e4d1d39362e h: refs/heads/master i: 310409: 0aaee370e6509d7fe3216f846439c0577210bad6 310407: 6e05d53d96a9b69a5d89c29fb0e8dfad14015509 v: v3
---
 [refs] | 2 +-
 trunk/include/net/cipso_ipv4.h | 29 ++++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/[refs] b/[refs]
index a718f9a78086..5cb347e020f0 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc
+refs/heads/master: 20e2a86485967c385d7c7befc1646e4d1d39362e
diff --git a/trunk/include/net/cipso_ipv4.h b/trunk/include/net/cipso_ipv4.h
index 9808877c2ab9..a7a683e30b64 100644
--- a/trunk/include/net/cipso_ipv4.h
+++ b/trunk/include/net/cipso_ipv4.h
@@ -42,6 +42,7 @@
 #include
 #include
 #include
+#include
 /* known doi values */
 #define CIPSO_V4_DOI_UNKNOWN 0x00000000
@@ -285,7 +286,33 @@ static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
 static inline int cipso_v4_validate(const struct sk_buff *skb,
 unsigned char **option)
 {
- return -ENOSYS;
+ unsigned char *opt = *option;
+ unsigned char err_offset = 0;
+ u8 opt_len = opt[1];
+ u8 opt_iter;
+
+ if (opt_len < 8) {
+ err_offset = 1;
+ goto out;
+ }
+
+ if (get_unaligned_be32(&opt[2]) == 0) {
+ err_offset = 2;
+ goto out;
+ }
+
+ for (opt_iter = 6; opt_iter < opt_len;) {
+ if (opt[opt_iter + 1] > (opt_len - opt_iter)) {
+ err_offset = opt_iter + 1;
+ goto out;
+ }
+ opt_iter += opt[opt_iter + 1];
+ }
+
+out:
+ *option = opt + err_offset;
+ return err_offset;
+
 }
 #endif /* CONFIG_NETLABEL */
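Review bot: The tag-walking loop in the new `cipso_v4_validate` never terminates when a tag's length byte `opt[opt_iter + 1]` is zero. The bound check passes, since 0 is never greater than `opt_len - opt_iter`, and `opt_iter += opt[opt_iter + 1]` then makes no progress. The option bytes presumably come straight from a received packet, so a malformed CIPSO option could spin a CPU on kernels that compile this stub (it appears to be the branch used without CONFIG_NETLABEL). Reject a zero length in the same test, e.g. `if (opt[opt_iter + 1] == 0 || opt[opt_iter + 1] > (opt_len - opt_iter)) {`. Separately, when `opt_iter == opt_len - 1` the read of `opt[opt_iter + 1]` is one byte past the declared option length; whether that stays inside the options buffer depends on the caller, which is not visible here, so checking that at least two bytes remain before reading the tag length would make the function safe on its own.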