ANDROID: check dir value of xfrm_userpolicy_id (4443eafd) · Commits · e / devices / android_kernel_oneplus_sm8150

net/xfrm/xfrm_user.c

+18 −0

Original line number	Diff line number	Diff line
		@@ -1723,6 +1723,10 @@ static struct sk_buff xfrm_policy_netlink(struct sk_buff in_skb,
		struct sk_buff *skb;
		int err;

		err = verify_policy_dir(dir);
		if (err)
		return ERR_PTR(err);

		skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
		if (!skb)
		return ERR_PTR(-ENOMEM);
		@@ -2246,6 +2250,10 @@ static int xfrm_do_migrate(struct sk_buff skb, struct nlmsghdr nlh,
		struct net *net = sock_net(skb->sk);
		struct xfrm_encap_tmpl *encap = NULL;

		err = verify_policy_dir(pi->dir);
		if (err)
		return err;

		if (attrs[XFRMA_MIGRATE] == NULL)
		return -EINVAL;

		@@ -2379,6 +2387,11 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
		{
		struct net *net = &init_net;
		struct sk_buff *skb;
		int err;

		err = verify_policy_dir(dir);
		if (err)
		return err;

		skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap),
		GFP_ATOMIC);
		@@ -3039,6 +3052,11 @@ static int xfrm_notify_policy_flush(const struct km_event *c)

		static int xfrm_send_policy_notify(struct xfrm_policy xp, int dir, const struct km_event c)
		{
		int err;

		err = verify_policy_dir(dir);
		if (err)
		return err;

		switch (c->event) {
		case XFRM_MSG_NEWPOLICY: