[iproute] macsec: fix input range of 'icvlen' parameter

Message ID	b1f730436465e511edb56e4486299e4f3835599b.1473428548.git.dcaratti@redhat.com
State	Accepted, archived
Delegated to:	stephen hemminger
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Davide Caratti <dcaratti@redhat.com> To: netdev@vger.kernel.org Cc: Sabrina Dubroca <sd@queasysnail.net>, Phil Sutter <phil@nwl.cc>, Stephen Hemminger <stephen@networkplumber.org> Subject: [iproute PATCH] macsec: fix input range of 'icvlen' parameter Date: Fri, 9 Sep 2016 16:02:22 +0200 Message-Id: <b1f730436465e511edb56e4486299e4f3835599b.1473428548.git.dcaratti@redhat.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

b1f730436465e511edb56e4486299e4f3835599b.1473428548.git.dcaratti@redhat.com

State

Accepted, archived

Delegated to:

stephen hemminger

Headers

From: Davide Caratti <dcaratti@redhat.com>
To: netdev@vger.kernel.org
Cc: Sabrina Dubroca <sd@queasysnail.net>, Phil Sutter <phil@nwl.cc>,
	Stephen Hemminger <stephen@networkplumber.org>
Subject: [iproute PATCH] macsec: fix input range of 'icvlen' parameter
Date: Fri,  9 Sep 2016 16:02:22 +0200
Message-Id: <b1f730436465e511edb56e4486299e4f3835599b.1473428548.git.dcaratti@redhat.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Davide Caratti Sept. 9, 2016, 2:02 p.m. UTC

the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
fix get_icvlen() accordingly, so that a proper error message is displayed
in case input 'icvlen' is greater than 16.

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
---
 ip/ipmacsec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Phil Sutter Sept. 9, 2016, 2:15 p.m. UTC | #1

On Fri, Sep 09, 2016 at 04:02:22PM +0200, Davide Caratti wrote:
> the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
> fix get_icvlen() accordingly, so that a proper error message is displayed
> in case input 'icvlen' is greater than 16.
> 
> Signed-off-by: Davide Caratti <dcaratti@redhat.com>

Acked-by: Phil Sutter <phil@nwl.cc>

Sabrina Dubroca Sept. 9, 2016, 3:53 p.m. UTC | #2

2016-09-09, 16:02:22 +0200, Davide Caratti wrote:
> the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
> fix get_icvlen() accordingly, so that a proper error message is displayed
> in case input 'icvlen' is greater than 16.
> 
> Signed-off-by: Davide Caratti <dcaratti@redhat.com>

Acked-by: Sabrina Dubroca <sd@queasysnail.net>

Stephen Hemminger Sept. 20, 2016, 4:49 p.m. UTC | #3

On Fri,  9 Sep 2016 16:02:22 +0200
Davide Caratti <dcaratti@redhat.com> wrote:

> the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
> fix get_icvlen() accordingly, so that a proper error message is displayed
> in case input 'icvlen' is greater than 16.
> 
> Signed-off-by: Davide Caratti <dcaratti@redhat.com>

Applied

diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index 2e670e9..127fa1e 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -152,9 +152,9 @@  static void get_icvlen(__u8 *icvlen, char *arg)
 	if (ret)
 		invarg("expected ICV length", arg);
 
-	if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_MAX_ICV_LEN)
+	if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN)
 		invarg("ICV length must be in the range {"
-		       STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_MAX_ICV_LEN)
+		       STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN)
 		       "}", arg);
 }

[iproute] macsec: fix input range of 'icvlen' parameter

Commit Message

Comments

Patch