Merge branch 'master' into for-next

Fast-forwarded to current state of Linus' tree as there are patches to be applied for files that didn't exist on the old branch.
author: Jiri Kosina <jkosina@suse.cz> 2011-04-26 04:22:15 -0400
committer: Jiri Kosina <jkosina@suse.cz> 2011-04-26 04:22:59 -0400
commit: 07f9479a40cc778bc1462ada11f95b01360ae4ff (patch)
tree: 0676cf38df3844004bb3ebfd99dfa67a4a8998f5 /net/xfrm/xfrm_user.c
parent: 9d5e6bdb3013acfb311ab407eeca0b6a6a3dedbf (diff)
parent: cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c (diff)
1 files changed, 28 insertions, 4 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 706385ae3e4b..5d1d60d3ca83 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -127,6 +127,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
        if (!rt)
                return 0;
+        if (p->id.proto != IPPROTO_ESP)
+                return -EINVAL;
        if (p->replay_window != 0)
                return -EINVAL;
@@ -360,6 +363,23 @@ static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props,
        return 0;
 }
+static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn,
+                                         struct nlattr *rp)
+{
+        struct xfrm_replay_state_esn *up;
+        if (!replay_esn || !rp)
+                return 0;
+        up = nla_data(rp);
+        if (xfrm_replay_state_esn_len(replay_esn) !=
+                        xfrm_replay_state_esn_len(up))
+                return -EINVAL;
+        return 0;
+}
 static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn,
                                       struct xfrm_replay_state_esn **preplay_esn,
                                       struct nlattr *rta)
@@ -511,7 +531,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
        xfrm_mark_get(attrs, &x->mark);
-        err = xfrm_init_state(x);
+        err = __xfrm_init_state(x, false);
        if (err)
                goto error;
@@ -874,7 +894,7 @@ static int build_spdinfo(struct sk_buff *skb, struct net *net,
        u32 *f;
        nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0);
-        if (nlh == NULL) /* shouldnt really happen ... */
+        if (nlh == NULL) /* shouldn't really happen ... */
                return -EMSGSIZE;
        f = nlmsg_data(nlh);
@@ -934,7 +954,7 @@ static int build_sadinfo(struct sk_buff *skb, struct net *net,
        u32 *f;
        nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0);
-        if (nlh == NULL) /* shouldnt really happen ... */
+        if (nlh == NULL) /* shouldn't really happen ... */
                return -EMSGSIZE;
        f = nlmsg_data(nlh);
@@ -1341,7 +1361,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
        if (!xp)
                return err;
-        /* shouldnt excl be based on nlh flags??
+        /* shouldn't excl be based on nlh flags??
         * Aha! this is anti-netlink really i.e  more pfkey derived
         * in netlink excl is a flag and you wouldnt need
         * a type XFRM_MSG_UPDPOLICY - JHS */
@@ -1766,6 +1786,10 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
        if (x->km.state != XFRM_STATE_VALID)
                goto out;
+        err = xfrm_replay_verify_len(x->replay_esn, rp);
+        if (err)
+                goto out;
        spin_lock_bh(&x->lock);
        xfrm_update_ae_params(x, attrs);
        spin_unlock_bh(&x->lock);
author	Jiri Kosina <jkosina@suse.cz>	2011-04-26 04:22:15 -0400
committer	Jiri Kosina <jkosina@suse.cz>	2011-04-26 04:22:59 -0400
commit	07f9479a40cc778bc1462ada11f95b01360ae4ff (patch)
tree	0676cf38df3844004bb3ebfd99dfa67a4a8998f5 /net/xfrm/xfrm_user.c
parent	9d5e6bdb3013acfb311ab407eeca0b6a6a3dedbf (diff)
parent	cd2e49e90f1cae7726c9a2c54488d881d7f1cd1c (diff)