Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 31c26852 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller
Browse files

[IPSEC]: Verify key payload in verify_one_algo 



We need to verify that the payload contains enough data so that
attach_one_algo can copy alg_key_len bits from the payload.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b9e9dead

net/xfrm/xfrm_user.c

+8 −1
Original line number Diff line number Diff line
@@ -34,14 +34,21 @@ static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 
{

	struct rtattr *rt = xfrma[type - 1];

	struct xfrm_algo *algp;

	int len;



	if (!rt)

		return 0;



	if ((rt->rta_len - sizeof(*rt)) < sizeof(*algp))

	len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp);

	if (len < 0)

		return -EINVAL;



	algp = RTA_DATA(rt);



	len -= (algp->alg_key_len + 7U) / 8; 

	if (len < 0)

		return -EINVAL;



	switch (type) {

	case XFRMA_ALG_AUTH:

		if (!algp->alg_key_len &&