aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/icmp.c
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-12-12 21:54:16 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:57:43 -0500
commitaebcf82c1fe9231be5cb4f9c1362d5db39e7d7b2 (patch)
treef164bead26b172ee82d6eaa81a0148d980985bce /net/ipv6/icmp.c
parentbb72845e699d3c84e5f861b51db686107a51dea5 (diff)
[IPSEC]: Do not let packets pass when ICMP flag is off
This fixes a logical error in ICMP policy checks which lets packets through if the state ICMP flag is off. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/icmp.c')
-rw-r--r--net/ipv6/icmp.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 1659d2fb01fe..c3bbd8687307 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -644,10 +644,13 @@ static int icmpv6_rcv(struct sk_buff *skb)
644 struct icmp6hdr *hdr; 644 struct icmp6hdr *hdr;
645 int type; 645 int type;
646 646
647 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb) && skb->sp && 647 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
648 skb->sp->xvec[skb->sp->len - 1]->props.flags & XFRM_STATE_ICMP) {
649 int nh; 648 int nh;
650 649
650 if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
651 XFRM_STATE_ICMP))
652 goto drop_no_count;
653
651 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr))) 654 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
652 goto drop_no_count; 655 goto drop_no_count;
653 656