diff options
| -rw-r--r-- | net/xfrm/xfrm_user.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 6a8da81ff66f..d5e1e0b08890 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <net/sock.h> | 26 | #include <net/sock.h> |
| 27 | #include <net/xfrm.h> | 27 | #include <net/xfrm.h> |
| 28 | #include <net/netlink.h> | 28 | #include <net/netlink.h> |
| 29 | #include <net/ah.h> | ||
| 29 | #include <asm/uaccess.h> | 30 | #include <asm/uaccess.h> |
| 30 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 31 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 31 | #include <linux/in6.h> | 32 | #include <linux/in6.h> |
| @@ -302,7 +303,8 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, | |||
| 302 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); | 303 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); |
| 303 | if (!algo) | 304 | if (!algo) |
| 304 | return -ENOSYS; | 305 | return -ENOSYS; |
| 305 | if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) | 306 | if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || |
| 307 | ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) | ||
| 306 | return -EINVAL; | 308 | return -EINVAL; |
| 307 | *props = algo->desc.sadb_alg_id; | 309 | *props = algo->desc.sadb_alg_id; |
| 308 | 310 | ||