net/key/af_key.c: add range checks on ->sadb_x_policy_len
Because sizeof() is size_t then if "len" is negative, it counts as a
large positive value.
The call tree looks like:
pfkey_sendmsg()
-> pfkey_process()
-> pfkey_spdadd()
-> parse_ipsecrequests()
Signed-off-by: 
Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Loading
Please register or sign in to comment