Diffstat (limited to 'net')
-rw-r--r-- | net/key/af_key.c | 11 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 4 |
2 files changed, 10 insertions, 5 deletions
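diff --git a/net/key/af_key.c b/net/key/af_key.c
index 50d0a31c3ba6..bbf0f69181ba 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2154,6 +2154,7 @@ out:
 
 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
 {
+unsigned int dir;
 int err;
 struct sadb_x_policy *pol;
 struct xfrm_policy *xp;
@@ -2162,7 +2163,11 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 if ((pol = ext_hdrs[SADB_X_EXT_POLICY-1]) == NULL)
 return -EINVAL;
 
-xp = xfrm_policy_byid(0, pol->sadb_x_policy_id,
+dir = xfrm_policy_id2dir(pol->sadb_x_policy_id);
+if (dir >= XFRM_POLICY_MAX)
+return -EINVAL;
+
+xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id,
 hdr->sadb_msg_type == SADB_X_SPDDELETE2);
 if (xp == NULL)
 return -ENOENT;
@@ -2174,9 +2179,9 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) {
 c.data.byid = 1;
 c.event = XFRM_MSG_DELPOLICY;
-km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
+km_policy_notify(xp, dir, &c);
 } else {
-err = key_pol_get_resp(sk, xp, hdr, pol->sadb_x_policy_dir-1);
+err = key_pol_get_resp(sk, xp, hdr, dir);
 }
 
 xfrm_pol_put(xp);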
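Review bot: The range check at new lines 2167-2168 is what stops a policy id taken from the PF_KEY message (`pol->sadb_x_policy_id`) from selecting a policy list outside the valid directions, and nothing in the code says so. A comment above it would make the intent survive later edits, e.g. `/* id is supplied by userspace; its direction part selects the policy list, so reject out-of-range values */`. In the third hunk `pol->sadb_x_policy_dir` is no longer consulted for the notify and response calls, so a message whose direction field disagrees with its id is now handled by id alone; if that is intended, it is worth one line in the commit message. The definition of `xfrm_policy_id2dir()` is not visible here, and pfkey_spdget()'s body starts and ends outside the shown hunks.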
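diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index c6a0d34fc295..061b44cc2451 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -163,7 +163,7 @@ static void xfrm_policy_timer(unsigned long data)
 if (xp->dead)
 goto out;
 
-dir = xp->index & 7;
+dir = xfrm_policy_id2dir(xp->index);
 
 if (xp->lft.hard_add_expires_seconds) {
 long tmo = xp->lft.hard_add_expires_seconds +
@@ -417,7 +417,7 @@ struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete)
 struct xfrm_policy *pol, **p;
 
 write_lock_bh(&xfrm_policy_lock);
-for (p = &xfrm_policy_list[id & 7]; (pol=*p)!=NULL; p = &pol->next) {
+for (p = &xfrm_policy_list[dir]; (pol=*p)!=NULL; p = &pol->next) {
 if (pol->index == id) {
 xfrm_pol_hold(pol);
 if (delete)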
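Review bot: In xfrm_policy_byid() the loop at new line 420 now starts from `xfrm_policy_list[dir]`, where `dir` is a signed `int` supplied by the caller, and the visible lines do not check its range. pfkey_spdget() in this commit rejects `dir >= XFRM_POLICY_MAX` before calling, but any other caller (none are visible in this diff) must validate it too, or the index can fall outside the array. Either state the contract above the function, e.g. `/* dir must be a valid xfrm_policy_list index; callers are responsible for checking it */`, or fail closed inside it, e.g. `if (dir < 0 || dir >= XFRM_POLICY_MAX) return NULL;` placed before the lock is taken, assuming XFRM_POLICY_MAX is the right bound for this array. The function body starts and continues outside the hunk.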