Commit a4f1bac6 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[XFRM]: Fix possible overflow of sock->sk_policy

Spotted by, and original patch by, Balazs Scheidler.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cadf01c2
...@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt, ...@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
if (nr > XFRM_MAX_DEPTH) if (nr > XFRM_MAX_DEPTH)
return NULL; return NULL;
if (p->dir > XFRM_POLICY_OUT)
return NULL;
xp = xfrm_policy_alloc(GFP_KERNEL); xp = xfrm_policy_alloc(GFP_KERNEL);
if (xp == NULL) { if (xp == NULL) {
*dir = -ENOBUFS; *dir = -ENOBUFS;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment