diff options
author | Tobias Brunner <tobias@strongswan.org> | 2014-06-26 15:12:45 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-08-14 09:51:48 +0800 |
commit | a052e55c0e0476e0e127399e01a2000c4afc2462 (patch) | |
tree | f797b8518eb765e04d8549e5913105a9a33113f5 | |
parent | c4b76e18681b8574f61bdf95981270c94ae82938 (diff) | |
download | lwn-a052e55c0e0476e0e127399e01a2000c4afc2462.tar.gz lwn-a052e55c0e0476e0e127399e01a2000c4afc2462.zip |
xfrm: Fix installation of AH IPsec SAs
[ Upstream commit a0e5ef53aac8e5049f9344857d8ec5237d31e58b ]
The SPI check introduced in ea9884b3acf3311c8a11db67bfab21773f6f82ba
was intended for IPComp SAs but actually prevented AH SAs from getting
installed (depending on the SPI).
Fixes: ea9884b3acf3 ("xfrm: check user specified spi for IPComp")
Cc: Fan Du <fan.du@windriver.com>
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | net/xfrm/xfrm_user.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 51398ae6cda8..d4c0fbe568ff 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AEAD] || attrs[XFRMA_ALG_CRYPT] || attrs[XFRMA_ALG_COMP] || - attrs[XFRMA_TFCPAD] || - (ntohl(p->id.spi) >= 0x10000)) - + attrs[XFRMA_TFCPAD]) goto out; break; @@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AUTH] || attrs[XFRMA_ALG_AUTH_TRUNC] || attrs[XFRMA_ALG_CRYPT] || - attrs[XFRMA_TFCPAD]) + attrs[XFRMA_TFCPAD] || + (ntohl(p->id.spi) >= 0x10000)) goto out; break; |