--- /dev/null
+From stable-bounces@linux.kernel.org Tue Jul 26 16:40:13 2005
+Date: Tue, 26 Jul 2005 16:40:31 -0700 (PDT)
+To: stable@kernel.org
+From: "David S. Miller" <davem@davemloft.net>
+Subject: [PATCH][XFRM]: Fix possible overflow of sock->sk_policy
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[XFRM]: Fix possible overflow of sock->sk_policy
+
+Spotted by, and original patch by, Balazs Scheidler.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+ net/xfrm/xfrm_user.c | 3 +++
+ 1 files changed, 3 insertions(+)
+
+Index: linux-2.6.12.y/net/xfrm/xfrm_user.c
+===================================================================
+--- linux-2.6.12.y.orig/net/xfrm/xfrm_user.c
++++ linux-2.6.12.y/net/xfrm/xfrm_user.c
+@@ -1180,6 +1180,9 @@ static struct xfrm_policy *xfrm_compile_
+ if (nr > XFRM_MAX_DEPTH)
+ return NULL;
+
++ if (p->dir > XFRM_POLICY_OUT)
++ return NULL;
++
+ xp = xfrm_policy_alloc(GFP_KERNEL);
+ if (xp == NULL) {
+ *dir = -ENOBUFS;
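Review bot: The added `if (p->dir > XFRM_POLICY_OUT) return NULL;` returns without assigning `*dir`, while the allocation-failure path just below sets `*dir = -ENOBUFS` before returning, so confirm that `*dir` already holds an error code at this point. It is presumably set earlier in the function, which starts and ends outside this hunk; if it is not, the caller could read a stale or uninitialised value as the result. The check also has no comment linking it to the overflow named in the subject line. Assuming `p->dir` is later used to index `sk_policy`, I would add `/* p->dir indexes sk_policy[]; reject out-of-range directions supplied by the caller */` above it so the bound is not dropped later as redundant. The commit description gives only the credit line, so a sentence stating where the unchecked value is consumed would help stable reviewers judge the impact.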
netfilter-deadlock-ip6_queue.patch
netfilter-NAT-memory-corruption.patch
netfilter-ip_conntrack_untracked-refcount.patch
+ipsec-array-overflow.patch