diff options
| -rw-r--r-- | include/net/ah.h | 3 | ||||
| -rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
| -rw-r--r-- | net/ipv6/ah6.c | 2 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
4 files changed, 1 insertions, 9 deletions
diff --git a/include/net/ah.h b/include/net/ah.h index ca95b98969dd..4e2dfa474a7e 100644 --- a/include/net/ah.h +++ b/include/net/ah.h | |||
| @@ -3,9 +3,6 @@ | |||
| 3 | 3 | ||
| 4 | #include <linux/skbuff.h> | 4 | #include <linux/skbuff.h> |
| 5 | 5 | ||
| 6 | /* This is the maximum truncated ICV length that we know of. */ | ||
| 7 | #define MAX_AH_AUTH_LEN 64 | ||
| 8 | |||
| 9 | struct crypto_ahash; | 6 | struct crypto_ahash; |
| 10 | 7 | ||
| 11 | struct ah_data { | 8 | struct ah_data { |
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index a2afa89513a0..ac9a32ec3ee4 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
| @@ -505,8 +505,6 @@ static int ah_init_state(struct xfrm_state *x) | |||
| 505 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; | 505 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; |
| 506 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; | 506 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; |
| 507 | 507 | ||
| 508 | BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN); | ||
| 509 | |||
| 510 | if (x->props.flags & XFRM_STATE_ALIGN4) | 508 | if (x->props.flags & XFRM_STATE_ALIGN4) |
| 511 | x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + | 509 | x->props.header_len = XFRM_ALIGN4(sizeof(struct ip_auth_hdr) + |
| 512 | ahp->icv_trunc_len); | 510 | ahp->icv_trunc_len); |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index fcffd4e522c8..6d16eb0e0c7f 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
| @@ -713,8 +713,6 @@ static int ah6_init_state(struct xfrm_state *x) | |||
| 713 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; | 713 | ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8; |
| 714 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; | 714 | ahp->icv_trunc_len = x->aalg->alg_trunc_len/8; |
| 715 | 715 | ||
| 716 | BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN); | ||
| 717 | |||
| 718 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + | 716 | x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + |
| 719 | ahp->icv_trunc_len); | 717 | ahp->icv_trunc_len); |
| 720 | switch (x->props.mode) { | 718 | switch (x->props.mode) { |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index eaf8a8f1cbe8..e812e988c111 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -333,8 +333,7 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, | |||
| 333 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); | 333 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); |
| 334 | if (!algo) | 334 | if (!algo) |
| 335 | return -ENOSYS; | 335 | return -ENOSYS; |
| 336 | if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || | 336 | if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) |
| 337 | ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) | ||
| 338 | return -EINVAL; | 337 | return -EINVAL; |
| 339 | *props = algo->desc.sadb_alg_id; | 338 | *props = algo->desc.sadb_alg_id; |
| 340 | 339 | ||