diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-12-12 21:54:16 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:57:43 -0500 |
| commit | aebcf82c1fe9231be5cb4f9c1362d5db39e7d7b2 (patch) | |
| tree | f164bead26b172ee82d6eaa81a0148d980985bce /net/ipv4/icmp.c | |
| parent | bb72845e699d3c84e5f861b51db686107a51dea5 (diff) | |
[IPSEC]: Do not let packets pass when ICMP flag is off
This fixes a logical error in ICMP policy checks which lets
packets through if the state ICMP flag is off.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/icmp.c')
| -rw-r--r-- | net/ipv4/icmp.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index c41f3cc4fba8..ce5b4be559aa 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
| @@ -977,10 +977,13 @@ int icmp_rcv(struct sk_buff *skb) | |||
| 977 | struct icmphdr *icmph; | 977 | struct icmphdr *icmph; |
| 978 | struct rtable *rt = (struct rtable *)skb->dst; | 978 | struct rtable *rt = (struct rtable *)skb->dst; |
| 979 | 979 | ||
| 980 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb) && skb->sp && | 980 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
| 981 | skb->sp->xvec[skb->sp->len - 1]->props.flags & XFRM_STATE_ICMP) { | ||
| 982 | int nh; | 981 | int nh; |
| 983 | 982 | ||
| 983 | if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags & | ||
| 984 | XFRM_STATE_ICMP)) | ||
| 985 | goto drop; | ||
| 986 | |||
| 984 | if (!pskb_may_pull(skb, sizeof(*icmph) + sizeof(struct iphdr))) | 987 | if (!pskb_may_pull(skb, sizeof(*icmph) + sizeof(struct iphdr))) |
| 985 | goto drop; | 988 | goto drop; |
| 986 | 989 | ||