diff options
author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2019-06-14 11:13:55 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2019-06-17 11:22:35 +0200 |
commit | b8d6d0079757cbd1b69724cfd1c08e2171c68cee (patch) | |
tree | c3b27de2c7e26124a1a324d09c26aba511dfb9db /net/xfrm | |
parent | af_key: fix leaks in key_pol_get_resp and dump_sp. (diff) | |
download | linux-b8d6d0079757cbd1b69724cfd1c08e2171c68cee.tar.xz linux-b8d6d0079757cbd1b69724cfd1c08e2171c68cee.zip |
xfrm: fix sa selector validation
After commit b38ff4075a80, the following command does not work anymore:
$ ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 34 reqid 1 \
mode tunnel enc 'cbc(aes)' 0xb0abdba8b782ad9d364ec81e3a7d82a1 auth-trunc \
'hmac(sha1)' 0xe26609ebd00acb6a4d51fca13e49ea78a72c73e6 96 flag align4
In fact, the selector is not mandatory, allow the user to provide an empty
selector.
Fixes: b38ff4075a80 ("xfrm: Fix xfrm sel prefix length validation")
CC: Anirudh Gupta <anirudh.gupta@sophos.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_user.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 74a3d1e0ff63..6626564f1fb7 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -166,6 +166,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, } switch (p->sel.family) { + case AF_UNSPEC: + break; + case AF_INET: if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) goto out; |