diff options
author | Timo Teräs <timo.teras@iki.fi> | 2010-03-30 20:17:04 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-04-01 22:41:35 -0400 |
commit | c8bf4d04f970fafb3430d332533e1cf103f2a018 (patch) | |
tree | 5d0a7507da01350b64fe182d7906bc0d85166f8b /net | |
parent | 34996cb91dd72f0b0456d8fd3fef4aaee62232f2 (diff) |
xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
Add missing check for policy direction verification. This is
especially important since without this xfrm_user may end up
deleting per-socket policy which is not allowed.
Signed-off-by: Timo Teras <timo.teras@iki.fi>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_user.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6106b72826d3..da5ba86181de 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1741 | if (err) | 1741 | if (err) |
1742 | return err; | 1742 | return err; |
1743 | 1743 | ||
1744 | err = verify_policy_dir(p->dir); | ||
1745 | if (err) | ||
1746 | return err; | ||
1747 | |||
1744 | if (p->index) | 1748 | if (p->index) |
1745 | xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err); | 1749 | xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err); |
1746 | else { | 1750 | else { |