xfrm: wrong hash value for temporary SA
authorNicolas Dichtel <nicolas.dichtel@6wind.com>
Mon, 27 Apr 2009 09:58:59 +0000 (02:58 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 27 Apr 2009 09:58:59 +0000 (02:58 -0700)
When kernel inserts a temporary SA for IKE, it uses the wrong hash
value for dst list. Two hash values were calcultated before: one with
source address and one with a wildcard source address.

Bug hinted by Junwei Zhang <junwei.zhang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/xfrm/xfrm_state.c

index 82271720d970f25005015cc73728eda7fc5bf448..5f1f86565f162e4bccf4bcc215ef78a8272bbae3 100644 (file)
@@ -794,7 +794,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 {
        static xfrm_address_t saddr_wildcard = { };
        struct net *net = xp_net(pol);
-       unsigned int h;
+       unsigned int h, h_wildcard;
        struct hlist_node *entry;
        struct xfrm_state *x, *x0, *to_put;
        int acquire_in_progress = 0;
@@ -819,8 +819,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
        if (best)
                goto found;
 
-       h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
-       hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
+       h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
+       hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == tmpl->reqid &&
                    !(x->props.flags & XFRM_STATE_WILDRECV) &&