aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_user.c
diff options
context:
space:
mode:
authorJamal Hadi Salim <hadi@cyberus.ca>2006-11-19 14:55:30 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2006-11-21 16:16:35 -0800
commit785fd8b8a597519127c6d9e16e81f48af2ad391e (patch)
tree39e6e66a8daabe1c3ce3f4c7d1d51ef6f72355fe /net/xfrm/xfrm_user.c
parent334f3d45d3e0c925eb15003560cdd6f5383c88d0 (diff)
downloadkernel_samsung_smdk4412-785fd8b8a597519127c6d9e16e81f48af2ad391e.tar.gz
kernel_samsung_smdk4412-785fd8b8a597519127c6d9e16e81f48af2ad391e.tar.bz2
kernel_samsung_smdk4412-785fd8b8a597519127c6d9e16e81f48af2ad391e.zip
[XFRM]: nlmsg length not computed correctly in the presence of subpolicies
I actually dont have a test case for these; i just found them by inspection. Refer to patch "[XFRM]: Sub-policies broke policy events" for more info Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Acked-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_user.c')
-rw-r--r--net/xfrm/xfrm_user.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 2dae1c1ea36..c4cde57d921 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1927,6 +1927,9 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire));
len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
skb = alloc_skb(len, GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
@@ -2034,6 +2037,9 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve
len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire));
len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+#ifdef CONFIG_XFRM_SUB_POLICY
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
+#endif
skb = alloc_skb(len, GFP_ATOMIC);
if (skb == NULL)
return -ENOMEM;
@@ -2109,10 +2115,12 @@ static int xfrm_notify_policy_flush(struct km_event *c)
struct nlmsghdr *nlh;
struct sk_buff *skb;
unsigned char *b;
+ int len = 0;
#ifdef CONFIG_XFRM_SUB_POLICY
struct xfrm_userpolicy_type upt;
+ len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
#endif
- int len = NLMSG_LENGTH(0);
+ len += NLMSG_LENGTH(0);
skb = alloc_skb(len, GFP_ATOMIC);
if (skb == NULL)