Skip to content

Commit

Permalink
[XFRM]: Fix possible overflow of sock->sk_policy
Browse files Browse the repository at this point in the history 
Spotted by, and original patch by, Balazs Scheidler.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Herbert Xu authored and David S. Miller committed Jul 26, 2005
1 parent cadf01c commit a4f1bac
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/xfrm/xfrm_user.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
if (nr > XFRM_MAX_DEPTH)
return NULL;

if (p->dir > XFRM_POLICY_OUT)
return NULL;

xp = xfrm_policy_alloc(GFP_KERNEL);
if (xp == NULL) {
*dir = -ENOBUFS;
Expand Down

0 comments on commit a4f1bac

Please sign in to comment.