Hi:
This patch fixes three bad checks on rta_len in xfrm_user.c which assumed
that it included the rta header length. This broke anything that tried
to attach data to XFRM messages, such as NEWPOLICY.
Thanks,
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: net/xfrm/xfrm_user.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_user.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 xfrm_user.c
--- net/xfrm/xfrm_user.c 7 Apr 2003 17:31:45 -0000 1.1.1.1
+++ net/xfrm/xfrm_user.c 24 May 2003 06:23:28 -0000
@@ -38,7 +38,7 @@
if (!rt)
return 0;
- if ((rt->rta_len - sizeof(*rt)) < sizeof(*algp))
+ if (rt->rta_len < sizeof(*algp))
return -EINVAL;
algp = RTA_DATA(rt);
@@ -75,7 +75,7 @@
if (!rt)
return 0;
- if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap))
+ if (rt->rta_len < sizeof(*encap))
return -EINVAL;
return 0;
@@ -567,7 +567,7 @@
if (!rt) {
pol->xfrm_nr = 0;
} else {
- nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl);
+ nr = rt->rta_len / sizeof(*utmpl);
if (nr > XFRM_MAX_DEPTH)
return -EINVAL;
