From: Chris Wright <chrisw@osdl.org>
Date: Wed, 27 Jul 2005 21:27:51 +0000 (-0700)
Subject: Add ipsec overflow patch fwd from DaveM.
X-Git-Tag: v2.6.12.3~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b0eb0d099b1562985e459d55db2cf109c2dd779;p=thirdparty%2Fkernel%2Fstable-queue.git

Add ipsec overflow patch fwd from DaveM.
---

diff --git a/queue/ipsec-array-overflow.patch b/queue/ipsec-array-overflow.patch
new file mode 100644
index 00000000000..165e1e75e82
--- /dev/null
+++ b/queue/ipsec-array-overflow.patch
@@ -0,0 +1,34 @@
+From stable-bounces@linux.kernel.org  Tue Jul 26 16:40:13 2005
+Date: Tue, 26 Jul 2005 16:40:31 -0700 (PDT)
+To: stable@kernel.org
+From: "David S. Miller" <davem@davemloft.net>
+Subject: [PATCH][XFRM]: Fix possible overflow of sock->sk_policy
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[XFRM]: Fix possible overflow of sock->sk_policy
+
+Spotted by, and original patch by, Balazs Scheidler.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+ net/xfrm/xfrm_user.c |    3 +++
+ 1 files changed, 3 insertions(+)
+
+Index: linux-2.6.12.y/net/xfrm/xfrm_user.c
+===================================================================
+--- linux-2.6.12.y.orig/net/xfrm/xfrm_user.c
++++ linux-2.6.12.y/net/xfrm/xfrm_user.c
+@@ -1180,6 +1180,9 @@ static struct xfrm_policy *xfrm_compile_
+ 	if (nr > XFRM_MAX_DEPTH)
+ 		return NULL;
+ 
++	if (p->dir > XFRM_POLICY_OUT)
++		return NULL;
++
+ 	xp = xfrm_policy_alloc(GFP_KERNEL);
+ 	if (xp == NULL) {
+ 		*dir = -ENOBUFS;
diff --git a/queue/series b/queue/series
index 6adb897d3cf..3a640fbaf22 100644
--- a/queue/series
+++ b/queue/series
@@ -6,3 +6,4 @@ skb-signedness-fix.patch
 netfilter-deadlock-ip6_queue.patch
 netfilter-NAT-memory-corruption.patch
 netfilter-ip_conntrack_untracked-refcount.patch
+ipsec-array-overflow.patch