mirror of https://gitee.com/openkylin/linux.git
xfrm: check trunc_len in XFRMA_ALG_AUTH_TRUNC
Maximum trunc length is defined by MAX_AH_AUTH_LEN (in bytes) and need to be checked when this value is set (in bits) by the user. In ah4.c and ah6.c a BUG_ON() checks this condiftion. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
f76957fc8f
commit
fa6dd8a2c8
|
@ -26,6 +26,7 @@
|
|||
#include <net/sock.h>
|
||||
#include <net/xfrm.h>
|
||||
#include <net/netlink.h>
|
||||
#include <net/ah.h>
|
||||
#include <asm/uaccess.h>
|
||||
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
|
||||
#include <linux/in6.h>
|
||||
|
@ -302,7 +303,8 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
|
|||
algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
|
||||
if (!algo)
|
||||
return -ENOSYS;
|
||||
if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
|
||||
if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN ||
|
||||
ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
|
||||
return -EINVAL;
|
||||
*props = algo->desc.sadb_alg_id;
|
||||
|
||||
|
|
Loading…
Reference in New Issue