[XFRM]: Fix possible overflow of sock->sk_policy

Spotted by, and original patch by, Balazs Scheidler. Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N David S. Miller <davem@davemloft.net>

[XFRM]: Fix possible overflow of sock->sk_policy
Spotted by, and original patch by, Balazs Scheidler. Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N David S. Miller <davem@davemloft.net>
a4f1bac6 · Herbert Xu · David S. Miller · cadf01c2 · a4f1bac6
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

net/xfrm/xfrm_user.c net/xfrm/xfrm_user.c +3 -0

未找到文件。
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
 	if (nr > XFRM_MAX_DEPTH)
 		return NULL;

+	if (p->dir > XFRM_POLICY_OUT)
+		return NULL;
+
 	xp = xfrm_policy_alloc(GFP_KERNEL);
 	if (xp == NULL) {
 		*dir = -ENOBUFS;