summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2014-06-26 15:12:45 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2014-08-14 09:51:48 +0800
commita052e55c0e0476e0e127399e01a2000c4afc2462 (patch)
treef797b8518eb765e04d8549e5913105a9a33113f5
parentc4b76e18681b8574f61bdf95981270c94ae82938 (diff)
downloadlwn-a052e55c0e0476e0e127399e01a2000c4afc2462.tar.gz
lwn-a052e55c0e0476e0e127399e01a2000c4afc2462.zip
xfrm: Fix installation of AH IPsec SAs
[ Upstream commit a0e5ef53aac8e5049f9344857d8ec5237d31e58b ] The SPI check introduced in ea9884b3acf3311c8a11db67bfab21773f6f82ba was intended for IPComp SAs but actually prevented AH SAs from getting installed (depending on the SPI). Fixes: ea9884b3acf3 ("xfrm: check user specified spi for IPComp") Cc: Fan Du <fan.du@windriver.com> Signed-off-by: Tobias Brunner <tobias@strongswan.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--net/xfrm/xfrm_user.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 51398ae6cda8..d4c0fbe568ff 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
attrs[XFRMA_ALG_AEAD] ||
attrs[XFRMA_ALG_CRYPT] ||
attrs[XFRMA_ALG_COMP] ||
- attrs[XFRMA_TFCPAD] ||
- (ntohl(p->id.spi) >= 0x10000))
-
+ attrs[XFRMA_TFCPAD])
goto out;
break;
@@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
attrs[XFRMA_ALG_AUTH] ||
attrs[XFRMA_ALG_AUTH_TRUNC] ||
attrs[XFRMA_ALG_CRYPT] ||
- attrs[XFRMA_TFCPAD])
+ attrs[XFRMA_TFCPAD] ||
+ (ntohl(p->id.spi) >= 0x10000))
goto out;
break;