Commit 776e9dd9 authored by Fan Du's avatar Fan Du Committed by Steffen Klassert

xfrm: export verify_userspi_info for pkfey and netlink interface

In order to check against valid IPcomp spi range, export verify_userspi_info
for both pfkey and netlink interface.
Signed-off-by: default avatarFan Du <fan.du@windriver.com>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent ea9884b3
...@@ -1563,6 +1563,7 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, ...@@ -1563,6 +1563,7 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir,
u32 id, int delete, int *err); u32 id, int delete, int *err);
int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info); int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
u32 xfrm_get_acqseq(void); u32 xfrm_get_acqseq(void);
int verify_spi_info(u8 proto, u32 min, u32 max);
int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark,
u8 mode, u32 reqid, u8 proto, u8 mode, u32 reqid, u8 proto,
......
...@@ -1340,6 +1340,12 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_ ...@@ -1340,6 +1340,12 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_
max_spi = range->sadb_spirange_max; max_spi = range->sadb_spirange_max;
} }
err = verify_spi_info(x->id.proto, min_spi, max_spi);
if (err) {
xfrm_state_put(x);
return err;
}
err = xfrm_alloc_spi(x, min_spi, max_spi); err = xfrm_alloc_spi(x, min_spi, max_spi);
resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x); resp_skb = err ? ERR_PTR(err) : pfkey_xfrm_state2msg(x);
......
...@@ -1489,6 +1489,30 @@ u32 xfrm_get_acqseq(void) ...@@ -1489,6 +1489,30 @@ u32 xfrm_get_acqseq(void)
} }
EXPORT_SYMBOL(xfrm_get_acqseq); EXPORT_SYMBOL(xfrm_get_acqseq);
int verify_spi_info(u8 proto, u32 min, u32 max)
{
switch (proto) {
case IPPROTO_AH:
case IPPROTO_ESP:
break;
case IPPROTO_COMP:
/* IPCOMP spi is 16-bits. */
if (max >= 0x10000)
return -EINVAL;
break;
default:
return -EINVAL;
}
if (min > max)
return -EINVAL;
return 0;
}
EXPORT_SYMBOL(verify_spi_info);
int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
{ {
struct net *net = xs_net(x); struct net *net = xs_net(x);
......
...@@ -1079,29 +1079,6 @@ static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -1079,29 +1079,6 @@ static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
return err; return err;
} }
static int verify_userspi_info(struct xfrm_userspi_info *p)
{
switch (p->info.id.proto) {
case IPPROTO_AH:
case IPPROTO_ESP:
break;
case IPPROTO_COMP:
/* IPCOMP spi is 16-bits. */
if (p->max >= 0x10000)
return -EINVAL;
break;
default:
return -EINVAL;
}
if (p->min > p->max)
return -EINVAL;
return 0;
}
static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
struct nlattr **attrs) struct nlattr **attrs)
{ {
...@@ -1116,7 +1093,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, ...@@ -1116,7 +1093,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
struct xfrm_mark m; struct xfrm_mark m;
p = nlmsg_data(nlh); p = nlmsg_data(nlh);
err = verify_userspi_info(p); err = verify_spi_info(p->info.id.proto, p->min, p->max);
if (err) if (err)
goto out_noput; goto out_noput;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment