[thirdparty/kernel/stable-queue.git] / releases / 2.6.29.5 / xfrm-wrong-hash-value-for-temporary-sa.patch

From 5ad8585fef1612245f19245a418482adefef4601 Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Mon, 27 Apr 2009 02:58:59 -0700
Subject: xfrm: wrong hash value for temporary SA

From: Nicolas Dichtel <nicolas.dichtel@6wind.com>

[ Upstream commit 6a783c9067e3f71aac61a9262fe42c1f68efd4fc ]

When kernel inserts a temporary SA for IKE, it uses the wrong hash
value for dst list. Two hash values were calcultated before: one with
source address and one with a wildcard source address.

Bug hinted by Junwei Zhang <junwei.zhang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 net/xfrm/xfrm_state.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -794,7 +794,7 @@ xfrm_state_find(xfrm_address_t *daddr, x
 {
 	static xfrm_address_t saddr_wildcard = { };
 	struct net *net = xp_net(pol);
-	unsigned int h;
+	unsigned int h, h_wildcard;
 	struct hlist_node *entry;
 	struct xfrm_state *x, *x0, *to_put;
 	int acquire_in_progress = 0;
@@ -819,8 +819,8 @@ xfrm_state_find(xfrm_address_t *daddr, x
 	if (best)
 		goto found;
 
-	h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
-	hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
+	h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
+	hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {
 		if (x->props.family == family &&
 		    x->props.reqid == tmpl->reqid &&
 		    !(x->props.flags & XFRM_STATE_WILDRECV) &&
Commit	Line	Data
15569d91 GKH	1	From 5ad8585fef1612245f19245a418482adefef4601 Mon Sep 17 00:00:00 2001
	2	From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
	3	Date: Mon, 27 Apr 2009 02:58:59 -0700
	4	Subject: xfrm: wrong hash value for temporary SA
	5
	6	From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
	7
	8	[ Upstream commit 6a783c9067e3f71aac61a9262fe42c1f68efd4fc ]
	9
	10	When kernel inserts a temporary SA for IKE, it uses the wrong hash
	11	value for dst list. Two hash values were calcultated before: one with
	12	source address and one with a wildcard source address.
	13
	14	Bug hinted by Junwei Zhang <junwei.zhang@6wind.com>
	15	Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
	16	Signed-off-by: David S. Miller <davem@davemloft.net>
	17	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	18
	19	---
	20	net/xfrm/xfrm_state.c \| 6 +++---
	21	1 file changed, 3 insertions(+), 3 deletions(-)
	22
	23	--- a/net/xfrm/xfrm_state.c
	24	+++ b/net/xfrm/xfrm_state.c
	25	@@ -794,7 +794,7 @@ xfrm_state_find(xfrm_address_t *daddr, x
	26	{
	27	static xfrm_address_t saddr_wildcard = { };
	28	struct net *net = xp_net(pol);
	29	- unsigned int h;
	30	+ unsigned int h, h_wildcard;
	31	struct hlist_node *entry;
	32	struct xfrm_state x, x0, *to_put;
	33	int acquire_in_progress = 0;
	34	@@ -819,8 +819,8 @@ xfrm_state_find(xfrm_address_t *daddr, x
	35	if (best)
	36	goto found;
	37
	38	- h = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
	39	- hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
	40	+ h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
	41	+ hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {
	42	if (x->props.family == family &&
	43	x->props.reqid == tmpl->reqid &&
	44	!(x->props.flags & XFRM_STATE_WILDRECV) &&