diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-07-26 16:40:31 -0700 |
---|---|---|
committer | Chris Wright <chrisw@osdl.org> | 2005-08-05 00:04:21 -0700 |
commit | e7cd6bfe6c56856eecb79a8cfd3d60599a8b280f (patch) | |
tree | b755c17703aad27345665599eba45258a505482e | |
parent | 1541b785b9c11b639ba5f60f4c5de5bff235f7d8 (diff) |
[PATCH] Fix possible overflow of sock->sk_policy
[XFRM]: Fix possible overflow of sock->sk_policy
Spotted by, and original patch by, Balazs Scheidler.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 97509011c274..aff9a80f72c8 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1180,6 +1180,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, if (nr > XFRM_MAX_DEPTH) return NULL; + if (p->dir > XFRM_POLICY_OUT) + return NULL; + xp = xfrm_policy_alloc(GFP_KERNEL); if (xp == NULL) { *dir = -ENOBUFS; |