hc
2024-10-22 8ac6c7a54ed1b98d142dce24b11c6de6a1e239a5
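--- a/kernel/net/xfrm/xfrm_user.c
+++ b/kernel/net/xfrm/xfrm_user.c
@@ -522,7 +522,7 @@
  struct nlattr *et = attrs[XFRMA_ETIMER_THRESH];
  struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH];
 
- if (re) {
+ if (re && x->replay_esn && x->preplay_esn) {
  struct xfrm_replay_state_esn *replay_esn;
  replay_esn = nla_data(re);
  memcpy(x->replay_esn, replay_esn,
@@ -1049,6 +1049,15 @@
  sizeof(*filter), GFP_KERNEL);
  if (filter == NULL)
  return -ENOMEM;
+
+ /* see addr_match(), (prefix length >> 5) << 2
+ * will be used to compare xfrm_address_t
+ */
+ if (filter->splen > (sizeof(xfrm_address_t) << 3) ||
+ filter->dplen > (sizeof(xfrm_address_t) << 3)) {
+ kfree(filter);
+ return -EINVAL;
+ }
  }
 
  if (attrs[XFRMA_PROTO])
@@ -2624,7 +2633,7 @@
  [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) },
  [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) },
  [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) },
- [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) },
+ [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_user_sec_ctx) },
  [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) },
  [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) },
  [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },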
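Review bot: The new guard at new line 525 only rules out NULL destinations; the `memcpy(x->replay_esn, replay_esn, ...)` that follows takes its length from an argument that is cut off at the hunk edge. If that length is derived from the user-supplied attribute, it must already have been checked against the size `x->replay_esn` was allocated with, and nothing visible here shows where that happens. The guard also means a request carrying the ESN attribute for an SA without ESN state is now skipped silently, so the caller may see success with nothing applied. I would document both at the condition, for example `/* ESN attr is ignored for SAs without ESN state; its length must already be verified against x->replay_esn by the caller */`, or reject the request before the update if the caller can return an error. The enclosing function starts and ends outside the hunk, so its callers and return type are not visible here.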