Message ID | 51b5293a-bce8-b663-f9de-97dc7c8113b3@secunet.com |
---|---|
State | Accepted, archived |
Delegated to: | stephen hemminger |
Headers | show |
On Thu, 19 Jan 2017 08:57:56 +0100 Alexander Heinlein <alexander.heinlein@secunet.com> wrote: > From 192cf19b3a97871a508ad57ba5893d1719877f13 Mon Sep 17 00:00:00 2001 > From: Alexander Heinlein <alexander.heinlein@secunet.com> > Date: Mon, 16 Jan 2017 14:48:25 +0100 > Subject: [PATCH] ip/xfrm: Fix deleteall when having many policies installed > > Fix "Policy buffer overflow" when trying to use deleteall with many > policies installed. > > Signed-off-by: Alexander Heinlein <alexander.heinlein@secunet.com> Applied thanks.
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index cc9c0f1..451b982 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who, if (!xfrm_policy_filter_match(xpinfo, ptype)) return 0; - if (xb->offset > xb->size) { - fprintf(stderr, "Policy buffer overflow\n"); - return -1; - } + if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) + return 0; new_n = (struct nlmsghdr *)(xb->buf + xb->offset); new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid));