[XFRM]: Fix possible overflow of sock->sk_policy
authorHerbert Xu <herbert@gondor.apana.org.au>
Tue, 26 Jul 2005 22:43:17 +0000 (15:43 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 26 Jul 2005 22:43:17 +0000 (15:43 -0700)
Spotted by, and original patch by, Balazs Scheidler.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/xfrm/xfrm_user.c

index ecade4893a139cc35d4fe345ce70242ede5358c4..8da3e25b2c4c1f305fd85428d3a9eb62b543bfba 100644 (file)
@@ -1350,6 +1350,9 @@ static struct xfrm_policy *xfrm_compile_policy(u16 family, int opt,
        if (nr > XFRM_MAX_DEPTH)
                return NULL;
 
        if (nr > XFRM_MAX_DEPTH)
                return NULL;
 
+       if (p->dir > XFRM_POLICY_OUT)
+               return NULL;
+
        xp = xfrm_policy_alloc(GFP_KERNEL);
        if (xp == NULL) {
                *dir = -ENOBUFS;
        xp = xfrm_policy_alloc(GFP_KERNEL);
        if (xp == NULL) {
                *dir = -ENOBUFS;