Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a0e5ef53 authored by Tobias Brunner's avatar Tobias Brunner Committed by Steffen Klassert
Browse files

xfrm: Fix installation of AH IPsec SAs 



The SPI check introduced in ea9884b3
was intended for IPComp SAs but actually prevented AH SAs from getting
installed (depending on the SPI).

Fixes: ea9884b3 ("xfrm: check user specified spi for IPComp")
Cc: Fan Du <fan.du@windriver.com>
Signed-off-by: default avatarTobias Brunner <tobias@strongswan.org>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent b7eea454

net/xfrm/xfrm_user.c

+3 −4
Original line number Diff line number Diff line
@@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
		    attrs[XFRMA_ALG_AEAD]	||

		    attrs[XFRMA_ALG_CRYPT]	||

		    attrs[XFRMA_ALG_COMP]	||

		    attrs[XFRMA_TFCPAD]		||

		    (ntohl(p->id.spi) >= 0x10000))



		    attrs[XFRMA_TFCPAD])

			goto out;

		break;
@@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
		    attrs[XFRMA_ALG_AUTH]	||

		    attrs[XFRMA_ALG_AUTH_TRUNC]	||

		    attrs[XFRMA_ALG_CRYPT]	||

		    attrs[XFRMA_TFCPAD])

		    attrs[XFRMA_TFCPAD]		||

		    (ntohl(p->id.spi) >= 0x10000))

			goto out;

		break;