aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2005-07-26 18:43:17 -0400
committerDavid S. Miller <davem@davemloft.net>2005-07-26 18:43:17 -0400
commita4f1bac62564049ea4718c4624b0fadc9f597c84 (patch)
tree294ef690f2b8978ee83b9e4e7dadbfb391ea1f94 /net
parentcadf01c2fc0cd66dfef4956ef1a6482ed01c3150 (diff)
[XFRM]: Fix possible overflow of sock->sk_policy
Spotted by, and original patch by, Balazs Scheidler. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/xfrm/xfrm_user.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index ecade4893a13..8da3e25b2c4c 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
1350 if (nr > XFRM_MAX_DEPTH) 1350 if (nr > XFRM_MAX_DEPTH)
1351 return NULL; 1351 return NULL;
1352 1352
1353 if (p->dir > XFRM_POLICY_OUT)
1354 return NULL;
1355
1353 xp = xfrm_policy_alloc(GFP_KERNEL); 1356 xp = xfrm_policy_alloc(GFP_KERNEL);
1354 if (xp == NULL) { 1357 if (xp == NULL) {
1355 *dir = -ENOBUFS; 1358 *dir = -ENOBUFS;