releases/2.6.12.4/ipsec-array-overflow.patch

   1 From stable-bounces@linux.kernel.org  Tue Jul 26 16:40:13 2005
   2 Date: Tue, 26 Jul 2005 16:40:31 -0700 (PDT)
   3 To: stable@kernel.org
   4 From: "David S. Miller" <davem@davemloft.net>
   5 Subject: [PATCH][XFRM]: Fix possible overflow of sock->sk_policy
   6
   7 From: Herbert Xu <herbert@gondor.apana.org.au>
   8
   9 [XFRM]: Fix possible overflow of sock->sk_policy
  10
  11 Spotted by, and original patch by, Balazs Scheidler.
  12
  13 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  14 Signed-off-by: David S. Miller <davem@davemloft.net>
  15 Signed-off-by: Chris Wright <chrisw@osdl.org>
  16 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
  17 ---
  18  net/xfrm/xfrm_user.c |    3 +++
  19  1 files changed, 3 insertions(+)
  20
  21 --- linux-2.6.12.3.orig/net/xfrm/xfrm_user.c    2005-07-28 11:17:01.000000000 -0700
  22 +++ linux-2.6.12.3/net/xfrm/xfrm_user.c 2005-07-28 11:17:18.000000000 -0700
  23 @@ -1180,6 +1180,9 @@
  24         if (nr > XFRM_MAX_DEPTH)
  25                 return NULL;
  26
  27 +       if (p->dir > XFRM_POLICY_OUT)
  28 +               return NULL;
  29 +
  30         xp = xfrm_policy_alloc(GFP_KERNEL);
  31         if (xp == NULL) {
  32                 *dir = -ENOBUFS;