Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6a783c90 authored by Nicolas Dichtel's avatar Nicolas Dichtel Committed by David S. Miller
Browse files

xfrm: wrong hash value for temporary SA 



When kernel inserts a temporary SA for IKE, it uses the wrong hash
value for dst list. Two hash values were calcultated before: one with
source address and one with a wildcard source address.

Bug hinted by Junwei Zhang <junwei.zhang@6wind.com>
Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8f955d7f

net/xfrm/xfrm_state.c

+3 −3
Original line number Diff line number Diff line
@@ -794,7 +794,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
{

	static xfrm_address_t saddr_wildcard = { };

	struct net *net = xp_net(pol);

	unsigned int h;

	unsigned int h, h_wildcard;

	struct hlist_node *entry;

	struct xfrm_state *x, *x0, *to_put;

	int acquire_in_progress = 0;
@@ -819,8 +819,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 
	if (best)

		goto found;



	h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);

	hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {

	h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);

	hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {

		if (x->props.family == family &&

		    x->props.reqid == tmpl->reqid &&

		    !(x->props.flags & XFRM_STATE_WILDRECV) &&