Hi:
The following patch fixes two bugs for ALLOC_SPI on IPCOMP SAs:
. The verify function always returned EINVAL.
. The min/max are passed to the reall aloc_spi function with the wrong sex.
I also removed the min check in the verify function as right below
the switch we verify that min <= max.
I could've changed min/max to expect big endian from the user but since
ALLOC_SPI ESP is already working I decided against breaking the ABI.
Cheers,
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: net/xfrm/xfrm_user.c
===================================================================
RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/net/xfrm/xfrm_user.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- net/xfrm/xfrm_user.c 6 Sep 2003 23:34:42 -0000 1.14
+++ net/xfrm/xfrm_user.c 7 Sep 2003 00:30:34 -0000 1.15
@@ -433,9 +433,9 @@
case IPPROTO_COMP:
/* IPCOMP spi is 16-bits. */
- if (p->min >= 0x10000 ||
- p->max >= 0x10000)
+ if (p->max >= 0x10000)
return -EINVAL;
+ break;
default:
return -EINVAL;
@@ -470,7 +470,7 @@
spin_lock_bh(&x->lock);
if (x->km.state != XFRM_STATE_DEAD) {
- xfrm_alloc_spi(x, p->min, p->max);
+ xfrm_alloc_spi(x, htonl(p->min), htonl(p->max));
if (x->id.spi)
resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
}
