diff options
author | Jamal Hadi Salim <hadi@cyberus.ca> | 2006-11-19 17:55:30 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-11-21 19:16:35 -0500 |
commit | 785fd8b8a597519127c6d9e16e81f48af2ad391e (patch) | |
tree | 39e6e66a8daabe1c3ce3f4c7d1d51ef6f72355fe | |
parent | 334f3d45d3e0c925eb15003560cdd6f5383c88d0 (diff) |
[XFRM]: nlmsg length not computed correctly in the presence of subpolicies
I actually dont have a test case for these; i just found them by
inspection. Refer to patch "[XFRM]: Sub-policies broke policy events"
for more info
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/xfrm/xfrm_user.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 2dae1c1ea362..c4cde57d9216 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1927,6 +1927,9 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, | |||
1927 | len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); | 1927 | len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); |
1928 | len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); | 1928 | len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); |
1929 | len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); | 1929 | len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); |
1930 | #ifdef CONFIG_XFRM_SUB_POLICY | ||
1931 | len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); | ||
1932 | #endif | ||
1930 | skb = alloc_skb(len, GFP_ATOMIC); | 1933 | skb = alloc_skb(len, GFP_ATOMIC); |
1931 | if (skb == NULL) | 1934 | if (skb == NULL) |
1932 | return -ENOMEM; | 1935 | return -ENOMEM; |
@@ -2034,6 +2037,9 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve | |||
2034 | len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); | 2037 | len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); |
2035 | len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); | 2038 | len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); |
2036 | len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); | 2039 | len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); |
2040 | #ifdef CONFIG_XFRM_SUB_POLICY | ||
2041 | len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); | ||
2042 | #endif | ||
2037 | skb = alloc_skb(len, GFP_ATOMIC); | 2043 | skb = alloc_skb(len, GFP_ATOMIC); |
2038 | if (skb == NULL) | 2044 | if (skb == NULL) |
2039 | return -ENOMEM; | 2045 | return -ENOMEM; |
@@ -2109,10 +2115,12 @@ static int xfrm_notify_policy_flush(struct km_event *c) | |||
2109 | struct nlmsghdr *nlh; | 2115 | struct nlmsghdr *nlh; |
2110 | struct sk_buff *skb; | 2116 | struct sk_buff *skb; |
2111 | unsigned char *b; | 2117 | unsigned char *b; |
2118 | int len = 0; | ||
2112 | #ifdef CONFIG_XFRM_SUB_POLICY | 2119 | #ifdef CONFIG_XFRM_SUB_POLICY |
2113 | struct xfrm_userpolicy_type upt; | 2120 | struct xfrm_userpolicy_type upt; |
2121 | len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); | ||
2114 | #endif | 2122 | #endif |
2115 | int len = NLMSG_LENGTH(0); | 2123 | len += NLMSG_LENGTH(0); |
2116 | 2124 | ||
2117 | skb = alloc_skb(len, GFP_ATOMIC); | 2125 | skb = alloc_skb(len, GFP_ATOMIC); |
2118 | if (skb == NULL) | 2126 | if (skb == NULL) |