Commit 08a717e4 authored by Sabrina Dubroca's avatar Sabrina Dubroca Committed by Steffen Klassert
Browse files

xfrm: add extack to verify_sec_ctx_len 



Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent d37bed89

net/xfrm/xfrm_user.c

+9 −7
Original line number Diff line number Diff line
@@ -102,7 +102,7 @@ static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 
		*addrp = nla_data(rt);

}



static inline int verify_sec_ctx_len(struct nlattr **attrs)

static inline int verify_sec_ctx_len(struct nlattr **attrs, struct netlink_ext_ack *extack)

{

	struct nlattr *rt = attrs[XFRMA_SEC_CTX];

	struct xfrm_user_sec_ctx *uctx;
@@ -112,8 +112,10 @@ static inline int verify_sec_ctx_len(struct nlattr **attrs) 


	uctx = nla_data(rt);

	if (uctx->len > nla_len(rt) ||

	    uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))

	    uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) {

		NL_SET_ERR_MSG(extack, "Invalid security context length");

		return -EINVAL;

	}



	return 0;

}
@@ -264,7 +266,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
		goto out;

	if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP)))

		goto out;

	if ((err = verify_sec_ctx_len(attrs)))

	if ((err = verify_sec_ctx_len(attrs, NULL)))

		goto out;

	if ((err = verify_replay(p, attrs)))

		goto out;
@@ -1800,7 +1802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 
	err = verify_newpolicy_info(p, extack);

	if (err)

		return err;

	err = verify_sec_ctx_len(attrs);

	err = verify_sec_ctx_len(attrs, extack);

	if (err)

		return err;
@@ -2136,7 +2138,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 
		struct nlattr *rt = attrs[XFRMA_SEC_CTX];

		struct xfrm_sec_ctx *ctx;



		err = verify_sec_ctx_len(attrs);

		err = verify_sec_ctx_len(attrs, extack);

		if (err)

			return err;
@@ -2441,7 +2443,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 
		struct nlattr *rt = attrs[XFRMA_SEC_CTX];

		struct xfrm_sec_ctx *ctx;



		err = verify_sec_ctx_len(attrs);

		err = verify_sec_ctx_len(attrs, extack);

		if (err)

			return err;
@@ -2533,7 +2535,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 
	err = verify_newpolicy_info(&ua->policy, extack);

	if (err)

		goto free_state;

	err = verify_sec_ctx_len(attrs);

	err = verify_sec_ctx_len(attrs, extack);

	if (err)

		goto free_state;