Diffstat (limited to 'net/xfrm/xfrm_user.c')
-rw-r--r--net/xfrm/xfrm_user.c32
1 files changed, 28 insertions, 4 deletions
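--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -127,6 +127,9 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
 	if (!rt)
 		return 0;
 
+	if (p->id.proto != IPPROTO_ESP)
+		return -EINVAL;
+
 	if (p->replay_window != 0)
 		return -EINVAL;
 
@@ -360,6 +363,23 @@ static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props,
 	return 0;
 }
 
+static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn,
+					 struct nlattr *rp)
+{
+	struct xfrm_replay_state_esn *up;
+
+	if (!replay_esn || !rp)
+		return 0;
+
+	up = nla_data(rp);
+
+	if (xfrm_replay_state_esn_len(replay_esn) !=
+	    xfrm_replay_state_esn_len(up))
+		return -EINVAL;
+
+	return 0;
+}
+
 static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn,
 				       struct xfrm_replay_state_esn **preplay_esn,
 				       struct nlattr *rta)
@@ -511,7 +531,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
 
 	xfrm_mark_get(attrs, &x->mark);
 
-	err = xfrm_init_state(x);
+	err = __xfrm_init_state(x, false);
 	if (err)
 		goto error;
 
@@ -874,7 +894,7 @@ static int build_spdinfo(struct sk_buff *skb, struct net *net,
 	u32 *f;
 
 	nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0);
-	if (nlh == NULL) /* shouldnt really happen ... */
+	if (nlh == NULL) /* shouldn't really happen ... */
 		return -EMSGSIZE;
 
 	f = nlmsg_data(nlh);
@@ -934,7 +954,7 @@ static int build_sadinfo(struct sk_buff *skb, struct net *net,
 	u32 *f;
 
 	nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0);
-	if (nlh == NULL) /* shouldnt really happen ... */
+	if (nlh == NULL) /* shouldn't really happen ... */
 		return -EMSGSIZE;
 
 	f = nlmsg_data(nlh);
@@ -1341,7 +1361,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (!xp)
 		return err;
 
-	/* shouldnt excl be based on nlh flags??
+	/* shouldn't excl be based on nlh flags??
 	 * Aha! this is anti-netlink really i.e more pfkey derived
 	 * in netlink excl is a flag and you wouldnt need
 	 * a type XFRM_MSG_UPDPOLICY - JHS */
@@ -1766,6 +1786,10 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (x->km.state != XFRM_STATE_VALID)
 		goto out;
 
+	err = xfrm_replay_verify_len(x->replay_esn, rp);
+	if (err)
+		goto out;
+
 	spin_lock_bh(&x->lock);
 	xfrm_update_ae_params(x, attrs);
 	spin_unlock_bh(&x->lock);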
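Review bot: The new xfrm_replay_verify_len (second hunk) compares two computed lengths but never checks that the attribute payload is actually that long: `up->bmp_len` is read from the netlink attribute itself, so a short attribute that carries a bmp_len matching the kernel's replay_esn passes the equality test, and any later copy of xfrm_replay_state_esn_len(replay_esn) bytes out of `up` would read past the end of the attribute. The check should bound the attribute length as well, for example adding before the existing comparison `if (nla_len(rp) < (int)xfrm_replay_state_esn_len(up)) return -EINVAL;` (this presumes the nla_policy already guarantees the fixed header is present so that bmp_len itself is readable — worth confirming). It would also be reasonable to require `replay_esn->bmp_len == up->bmp_len` explicitly rather than relying on the derived lengths alone, so a future change to the length formula cannot silently weaken the check. Whether xfrm_update_ae_params in the last hunk actually copies the bitmap is outside this diff, but it is the consumer this helper guards, and its body starts outside the hunk.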