aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/key/af_key.c11
-rw-r--r--net/xfrm/xfrm_policy.c4
2 files changed, 10 insertions, 5 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 50d0a31c3ba6..bbf0f69181ba 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2154,6 +2154,7 @@ out:
2154 2154
2155static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2155static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
2156{ 2156{
2157 unsigned int dir;
2157 int err; 2158 int err;
2158 struct sadb_x_policy *pol; 2159 struct sadb_x_policy *pol;
2159 struct xfrm_policy *xp; 2160 struct xfrm_policy *xp;
@@ -2162,7 +2163,11 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2162 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL) 2163 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
2163 return -EINVAL; 2164 return -EINVAL;
2164 2165
2165 xp = xfrm_policy_byid(0, pol->sadb_x_policy_id, 2166 dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
2167 if (dir >= XFRM_POLICY_MAX)
2168 return -EINVAL;
2169
2170 xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id,
2166 hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2171 hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2167 if (xp == NULL) 2172 if (xp == NULL)
2168 return -ENOENT; 2173 return -ENOENT;
@@ -2174,9 +2179,9 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2174 if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) { 2179 if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) {
2175 c.data.byid = 1; 2180 c.data.byid = 1;
2176 c.event = XFRM_MSG_DELPOLICY; 2181 c.event = XFRM_MSG_DELPOLICY;
2177 km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c); 2182 km_policy_notify(xp, dir, &c);
2178 } else { 2183 } else {
2179 err = key_pol_get_resp(sk, xp, hdr, pol->sadb_x_policy_dir-1); 2184 err = key_pol_get_resp(sk, xp, hdr, dir);
2180 } 2185 }
2181 2186
2182 xfrm_pol_put(xp); 2187 xfrm_pol_put(xp);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c6a0d34fc295..061b44cc2451 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -163,7 +163,7 @@ static void xfrm_policy_timer(unsigned long data)
163 if (xp->dead) 163 if (xp->dead)
164 goto out; 164 goto out;
165 165
166 dir = xp->index & 7; 166 dir = xfrm_policy_id2dir(xp->index);
167 167
168 if (xp->lft.hard_add_expires_seconds) { 168 if (xp->lft.hard_add_expires_seconds) {
169 long tmo = xp->lft.hard_add_expires_seconds + 169 long tmo = xp->lft.hard_add_expires_seconds +
@@ -417,7 +417,7 @@ struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete)
417 struct xfrm_policy *pol, **p; 417 struct xfrm_policy *pol, **p;
418 418
419 write_lock_bh(&xfrm_policy_lock); 419 write_lock_bh(&xfrm_policy_lock);
420 for (p = &xfrm_policy_list[id & 7]; (pol=*p)!=NULL; p = &pol->next) { 420 for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) {
421 if (pol->index == id) { 421 if (pol->index == id) {
422 xfrm_pol_hold(pol); 422 xfrm_pol_hold(pol);
423 if (delete) 423 if (delete)