]> git.ipfire.org Git - thirdparty/iproute2.git/commitdiff
projects / thirdparty / iproute2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c3d09fb)
ip/xfrm: Fix deleteall when having many policies installed
authorAlexander Heinlein <alexander.heinlein@secunet.com>
Mon, 16 Jan 2017 13:48:25 +0000 (14:48 +0100)
committerStephen Hemminger <stephen@networkplumber.org>
Fri, 20 Jan 2017 17:21:02 +0000 (09:21 -0800)
Fix "Policy buffer overflow" when trying to use deleteall with many
policies installed.

Signed-off-by: Alexander Heinlein <alexander.heinlein@secunet.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
ip/xfrm_policy.c patch | blob | blame | history

diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index cc9c0f1fbb86657464e9ade78d5108ca5edfb137..451b9822cede6bfe3e9005cc0ca1a29906e6be76 100644 (file)
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who,
        if (!xfrm_policy_filter_match(xpinfo, ptype))
                return 0;
 
-       if (xb->offset > xb->size) {
-               fprintf(stderr, "Policy buffer overflow\n");
-               return -1;
-       }
+       if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size)
+               return 0;
 
        new_n = (struct nlmsghdr *)(xb->buf + xb->offset);
        new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid));
Mirror of https://git.kernel.org/pub/scm/network/iproute2/iproute2.git