xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler

Add missing check for policy direction verification. This is especially important since without this xfrm_user may end up deleting per-socket policy which is not allowed. Signed-off-by: N Timo Teras <timo.teras@iki.fi> Acked-by: N Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N David S. Miller <davem@davemloft.net>

xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
Add missing check for policy direction verification. This is especially important since without this xfrm_user may end up deleting per-socket policy which is not allowed. Signed-off-by: N Timo Teras <timo.teras@iki.fi> Acked-by: N Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N David S. Miller <davem@davemloft.net>
c8bf4d04 · Timo Teräs · David S. Miller · 34996cb9 · c8bf4d04
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

net/xfrm/xfrm_user.c net/xfrm/xfrm_user.c +4 -0

未找到文件。
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (err)
 		return err;

+	err = verify_policy_dir(p->dir);
+	if (err)
+		return err;
+
 	if (p->index)
 		xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
 	else {