xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
author Timo Teräs <timo.teras@iki.fi>
Wed, 31 Mar 2010 00:17:04 +0000 (00:17 +0000)
committer David S. Miller <davem@davemloft.net>
Fri, 2 Apr 2010 02:41:35 +0000 (19:41 -0700)
Add missing check for policy direction verification. This is
especially important since without this xfrm_user may end up
deleting per-socket policy which is not allowed.

Signed-off-by: Timo Teras <timo.teras@iki.fi>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/xfrm/xfrm_user.c

index 6106b72826d374f4d5cbcc1ea8ab1c391bef2917..da5ba86181dee413a32ec26e959e85f29683191e 100644 (file)
@@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
        if (err)
                return err;
 
+       err = verify_policy_dir(p->dir);
+       if (err)
+               return err;
+
        if (p->index)
                xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
        else {
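Review bot: the new verify_policy_dir(p->dir) call in xfrm_add_pol_expire() has no comment saying why the direction must be validated before the lookup, and the reason only lives in the commit message (an unchecked direction lets this handler reach and delete a per-socket policy, which is not allowed). A one-line comment above the check would keep that next to the code. Placement looks right: the check sits ahead of the if (p->index) / else split, so xfrm_policy_byid(net, mark, type, p->dir, ...) only sees a verified direction; the else branch is cut off in this context, so confirm it does not read p->dir through any path that bypasses the check. It would also help to state in the commit message whether the other xfrm_user handlers that pass p->dir to a policy lookup already perform this check, so it is clear this was the only one missing it.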