diff options
author | David S. Miller <davem@davemloft.net> | 2012-09-28 14:40:49 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-09-28 14:40:49 -0400 |
commit | 6a06e5e1bb217be077e1f8ee2745b4c5b1aa02db (patch) | |
tree | 8faea23112a11f52524eb413f71b7b02712d8b53 /net/xfrm/xfrm_user.c | |
parent | d9f72f359e00a45a6cd7cc2d5121b04b9dc927e1 (diff) | |
parent | 6672d90fe779dc0dfffe027c3ede12609df091c2 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
drivers/net/team/team.c
drivers/net/usb/qmi_wwan.c
net/batman-adv/bat_iv_ogm.c
net/ipv4/fib_frontend.c
net/ipv4/route.c
net/l2tp/l2tp_netlink.c
The team, fib_frontend, route, and l2tp_netlink conflicts were simply
overlapping changes.
qmi_wwan and bat_iv_ogm were of the "use HEAD" variety.
With help from Antonio Quartulli.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_user.c')
-rw-r--r-- | net/xfrm/xfrm_user.c | 57 |
1 files changed, 42 insertions, 15 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 5d6eb4b3c089..94a2a1f726f9 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -123,9 +123,21 @@ static inline int verify_replay(struct xfrm_usersa_info *p, | |||
123 | struct nlattr **attrs) | 123 | struct nlattr **attrs) |
124 | { | 124 | { |
125 | struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; | 125 | struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; |
126 | struct xfrm_replay_state_esn *rs; | ||
126 | 127 | ||
127 | if ((p->flags & XFRM_STATE_ESN) && !rt) | 128 | if (p->flags & XFRM_STATE_ESN) { |
128 | return -EINVAL; | 129 | if (!rt) |
130 | return -EINVAL; | ||
131 | |||
132 | rs = nla_data(rt); | ||
133 | |||
134 | if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8) | ||
135 | return -EINVAL; | ||
136 | |||
137 | if (nla_len(rt) < xfrm_replay_state_esn_len(rs) && | ||
138 | nla_len(rt) != sizeof(*rs)) | ||
139 | return -EINVAL; | ||
140 | } | ||
129 | 141 | ||
130 | if (!rt) | 142 | if (!rt) |
131 | return 0; | 143 | return 0; |
@@ -370,14 +382,15 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es | |||
370 | struct nlattr *rp) | 382 | struct nlattr *rp) |
371 | { | 383 | { |
372 | struct xfrm_replay_state_esn *up; | 384 | struct xfrm_replay_state_esn *up; |
385 | int ulen; | ||
373 | 386 | ||
374 | if (!replay_esn || !rp) | 387 | if (!replay_esn || !rp) |
375 | return 0; | 388 | return 0; |
376 | 389 | ||
377 | up = nla_data(rp); | 390 | up = nla_data(rp); |
391 | ulen = xfrm_replay_state_esn_len(up); | ||
378 | 392 | ||
379 | if (xfrm_replay_state_esn_len(replay_esn) != | 393 | if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen) |
380 | xfrm_replay_state_esn_len(up)) | ||
381 | return -EINVAL; | 394 | return -EINVAL; |
382 | 395 | ||
383 | return 0; | 396 | return 0; |
@@ -388,22 +401,28 @@ static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn | |||
388 | struct nlattr *rta) | 401 | struct nlattr *rta) |
389 | { | 402 | { |
390 | struct xfrm_replay_state_esn *p, *pp, *up; | 403 | struct xfrm_replay_state_esn *p, *pp, *up; |
404 | int klen, ulen; | ||
391 | 405 | ||
392 | if (!rta) | 406 | if (!rta) |
393 | return 0; | 407 | return 0; |
394 | 408 | ||
395 | up = nla_data(rta); | 409 | up = nla_data(rta); |
410 | klen = xfrm_replay_state_esn_len(up); | ||
411 | ulen = nla_len(rta) >= klen ? klen : sizeof(*up); | ||
396 | 412 | ||
397 | p = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); | 413 | p = kzalloc(klen, GFP_KERNEL); |
398 | if (!p) | 414 | if (!p) |
399 | return -ENOMEM; | 415 | return -ENOMEM; |
400 | 416 | ||
401 | pp = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); | 417 | pp = kzalloc(klen, GFP_KERNEL); |
402 | if (!pp) { | 418 | if (!pp) { |
403 | kfree(p); | 419 | kfree(p); |
404 | return -ENOMEM; | 420 | return -ENOMEM; |
405 | } | 421 | } |
406 | 422 | ||
423 | memcpy(p, up, ulen); | ||
424 | memcpy(pp, up, ulen); | ||
425 | |||
407 | *replay_esn = p; | 426 | *replay_esn = p; |
408 | *preplay_esn = pp; | 427 | *preplay_esn = pp; |
409 | 428 | ||
@@ -442,10 +461,11 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info * | |||
442 | * somehow made shareable and move it to xfrm_state.c - JHS | 461 | * somehow made shareable and move it to xfrm_state.c - JHS |
443 | * | 462 | * |
444 | */ | 463 | */ |
445 | static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) | 464 | static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs, |
465 | int update_esn) | ||
446 | { | 466 | { |
447 | struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; | 467 | struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; |
448 | struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; | 468 | struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL; |
449 | struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; | 469 | struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; |
450 | struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; | 470 | struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; |
451 | struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; | 471 | struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; |
@@ -555,7 +575,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
555 | goto error; | 575 | goto error; |
556 | 576 | ||
557 | /* override default values from above */ | 577 | /* override default values from above */ |
558 | xfrm_update_ae_params(x, attrs); | 578 | xfrm_update_ae_params(x, attrs, 0); |
559 | 579 | ||
560 | return x; | 580 | return x; |
561 | 581 | ||
@@ -689,6 +709,7 @@ out: | |||
689 | 709 | ||
690 | static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) | 710 | static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) |
691 | { | 711 | { |
712 | memset(p, 0, sizeof(*p)); | ||
692 | memcpy(&p->id, &x->id, sizeof(p->id)); | 713 | memcpy(&p->id, &x->id, sizeof(p->id)); |
693 | memcpy(&p->sel, &x->sel, sizeof(p->sel)); | 714 | memcpy(&p->sel, &x->sel, sizeof(p->sel)); |
694 | memcpy(&p->lft, &x->lft, sizeof(p->lft)); | 715 | memcpy(&p->lft, &x->lft, sizeof(p->lft)); |
@@ -742,7 +763,7 @@ static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) | |||
742 | return -EMSGSIZE; | 763 | return -EMSGSIZE; |
743 | 764 | ||
744 | algo = nla_data(nla); | 765 | algo = nla_data(nla); |
745 | strcpy(algo->alg_name, auth->alg_name); | 766 | strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name)); |
746 | memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); | 767 | memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); |
747 | algo->alg_key_len = auth->alg_key_len; | 768 | algo->alg_key_len = auth->alg_key_len; |
748 | 769 | ||
@@ -878,6 +899,7 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, | |||
878 | { | 899 | { |
879 | struct xfrm_dump_info info; | 900 | struct xfrm_dump_info info; |
880 | struct sk_buff *skb; | 901 | struct sk_buff *skb; |
902 | int err; | ||
881 | 903 | ||
882 | skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); | 904 | skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); |
883 | if (!skb) | 905 | if (!skb) |
@@ -888,9 +910,10 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, | |||
888 | info.nlmsg_seq = seq; | 910 | info.nlmsg_seq = seq; |
889 | info.nlmsg_flags = 0; | 911 | info.nlmsg_flags = 0; |
890 | 912 | ||
891 | if (dump_one_state(x, 0, &info)) { | 913 | err = dump_one_state(x, 0, &info); |
914 | if (err) { | ||
892 | kfree_skb(skb); | 915 | kfree_skb(skb); |
893 | return NULL; | 916 | return ERR_PTR(err); |
894 | } | 917 | } |
895 | 918 | ||
896 | return skb; | 919 | return skb; |
@@ -1317,6 +1340,7 @@ static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy | |||
1317 | 1340 | ||
1318 | static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) | 1341 | static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) |
1319 | { | 1342 | { |
1343 | memset(p, 0, sizeof(*p)); | ||
1320 | memcpy(&p->sel, &xp->selector, sizeof(p->sel)); | 1344 | memcpy(&p->sel, &xp->selector, sizeof(p->sel)); |
1321 | memcpy(&p->lft, &xp->lft, sizeof(p->lft)); | 1345 | memcpy(&p->lft, &xp->lft, sizeof(p->lft)); |
1322 | memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); | 1346 | memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); |
@@ -1421,6 +1445,7 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) | |||
1421 | struct xfrm_user_tmpl *up = &vec[i]; | 1445 | struct xfrm_user_tmpl *up = &vec[i]; |
1422 | struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; | 1446 | struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; |
1423 | 1447 | ||
1448 | memset(up, 0, sizeof(*up)); | ||
1424 | memcpy(&up->id, &kp->id, sizeof(up->id)); | 1449 | memcpy(&up->id, &kp->id, sizeof(up->id)); |
1425 | up->family = kp->encap_family; | 1450 | up->family = kp->encap_family; |
1426 | memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); | 1451 | memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); |
@@ -1546,6 +1571,7 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, | |||
1546 | { | 1571 | { |
1547 | struct xfrm_dump_info info; | 1572 | struct xfrm_dump_info info; |
1548 | struct sk_buff *skb; | 1573 | struct sk_buff *skb; |
1574 | int err; | ||
1549 | 1575 | ||
1550 | skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); | 1576 | skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); |
1551 | if (!skb) | 1577 | if (!skb) |
@@ -1556,9 +1582,10 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, | |||
1556 | info.nlmsg_seq = seq; | 1582 | info.nlmsg_seq = seq; |
1557 | info.nlmsg_flags = 0; | 1583 | info.nlmsg_flags = 0; |
1558 | 1584 | ||
1559 | if (dump_one_policy(xp, dir, 0, &info) < 0) { | 1585 | err = dump_one_policy(xp, dir, 0, &info); |
1586 | if (err) { | ||
1560 | kfree_skb(skb); | 1587 | kfree_skb(skb); |
1561 | return NULL; | 1588 | return ERR_PTR(err); |
1562 | } | 1589 | } |
1563 | 1590 | ||
1564 | return skb; | 1591 | return skb; |
@@ -1822,7 +1849,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1822 | goto out; | 1849 | goto out; |
1823 | 1850 | ||
1824 | spin_lock_bh(&x->lock); | 1851 | spin_lock_bh(&x->lock); |
1825 | xfrm_update_ae_params(x, attrs); | 1852 | xfrm_update_ae_params(x, attrs, 1); |
1826 | spin_unlock_bh(&x->lock); | 1853 | spin_unlock_bh(&x->lock); |
1827 | 1854 | ||
1828 | c.event = nlh->nlmsg_type; | 1855 | c.event = nlh->nlmsg_type; |