diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-07-26 18:43:17 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-07-26 18:43:17 -0400 |
commit | a4f1bac62564049ea4718c4624b0fadc9f597c84 (patch) | |
tree | 294ef690f2b8978ee83b9e4e7dadbfb391ea1f94 /net | |
parent | cadf01c2fc0cd66dfef4956ef1a6482ed01c3150 (diff) |
[XFRM]: Fix possible overflow of sock->sk_policy
Spotted by, and original patch by, Balazs Scheidler.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index ecade4893a13..8da3e25b2c4c 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, | |||
1350 | if (nr > XFRM_MAX_DEPTH) | 1350 | if (nr > XFRM_MAX_DEPTH) |
1351 | return NULL; | 1351 | return NULL; |
1352 | 1352 | ||
1353 | if (p->dir > XFRM_POLICY_OUT) | ||
1354 | return NULL; | ||
1355 | |||
1353 | xp = xfrm_policy_alloc(GFP_KERNEL); | 1356 | xp = xfrm_policy_alloc(GFP_KERNEL); |
1354 | if (xp == NULL) { | 1357 | if (xp == NULL) { |
1355 | *dir = -ENOBUFS; | 1358 | *dir = -ENOBUFS; |