authorJamal Hadi Salim <hadi@cyberus.ca>2006-11-19 17:55:30 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-11-21 19:16:35 -0500
commit785fd8b8a597519127c6d9e16e81f48af2ad391e (patch)
tree39e6e66a8daabe1c3ce3f4c7d1d51ef6f72355fe
parent334f3d45d3e0c925eb15003560cdd6f5383c88d0 (diff)
[XFRM]: nlmsg length not computed correctly in the presence of subpolicies
I actually don't have a test case for these; I just found them by inspection. Refer to patch "[XFRM]: Sub-policies broke policy events" for more info. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/xfrm/xfrm_user.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2dae1c1ea362..c4cde57d9216 100644
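--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1927,6 +1927,9 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
  len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
  len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire));
  len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
  skb = alloc_skb(len, GFP_ATOMIC);
  if (skb == NULL)
  return -ENOMEM;
@@ -2034,6 +2037,9 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve
  len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
  len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire));
  len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
  skb = alloc_skb(len, GFP_ATOMIC);
  if (skb == NULL)
  return -ENOMEM;
@@ -2109,10 +2115,12 @@ static int xfrm_notify_policy_flush(struct km_event *c)
  struct nlmsghdr *nlh;
  struct sk_buff *skb;
  unsigned char *b;
+ int len = 0;
 #ifdef CONFIG_XFRM_SUB_POLICY
  struct xfrm_userpolicy_type upt;
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
 #endif
- int len = NLMSG_LENGTH(0);
+ len += NLMSG_LENGTH(0);
 
  skb = alloc_skb(len, GFP_ATOMIC);
  if (skb == NULL)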
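Review bot: The policy-type attribute size is now added by hand under `#ifdef CONFIG_XFRM_SUB_POLICY` in three separate length computations (xfrm_send_acquire, xfrm_exp_policy_notify and xfrm_notify_policy_flush). That keeps the sizing logic duplicated, so the `alloc_skb()` length can again drift away from what the message builder writes. A single helper that returns the attribute's space, or 0 when sub-policies are compiled out, would keep every allocation in step and take the preprocessor blocks out of the function bodies. All three functions continue outside their hunks, so the code that appends the attribute is not visible here; it is worth confirming on each path that an undersized skb makes the put fail cleanly rather than writing past the buffer. Since the commit message says there is no test case, a run with the option enabled that triggers an acquire, a policy expire and a policy flush, and checks that a netlink listener receives each event, would cover the change.

```c
/* Space needed for the optional policy-type attribute; 0 when sub-policies are off. */
static inline int xfrm_userpolicy_type_attrsize(void)
{
#ifdef CONFIG_XFRM_SUB_POLICY
	return RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
#else
	return 0;
#endif
}

/* … unchanged: template, header and security-context terms of len … */
	len += xfrm_userpolicy_type_attrsize();
	skb = alloc_skb(len, GFP_ATOMIC);
```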