Unverified Commit e06ee045 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!13157 xfrm: validate new SA's prefixlen using SA family when sel.family is unset 

Merge Pull Request from: @ci-robot 
 
PR sync from: Liu Jian <liujian56@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/SWZJ4WSOC7N4F4KEVR6MBL4YOQCOPHIM/ 
 
https://gitee.com/src-openeuler/kernel/issues/IB2SWP 
 
Link:https://gitee.com/openeuler/kernel/pulls/13157

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents 2b61c887 779b82b8

net/xfrm/xfrm_user.c

+5 −1
Original line number Diff line number Diff line
@@ -149,6 +149,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
			     struct nlattr **attrs)

{

	int err;

	u16 family = p->sel.family;



	err = -EINVAL;

	switch (p->family) {
@@ -167,7 +168,10 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, 
		goto out;

	}



	switch (p->sel.family) {

	if (!family && !(p->flags & XFRM_STATE_AF_UNSPEC))

		family = p->family;



	switch (family) {

	case AF_UNSPEC:

		break;