From: David Ward <david.ward@ll.mit.edu>
Date: Mon, 25 Mar 2013 04:23:13 +0000 (+0000)
Subject: ip/xfrm: Extend SPI validity checking
X-Git-Tag: v3.9.0~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d26e1fefd379deffd76469deea8f1bb8c0fc2dd;p=thirdparty%2Fiproute2.git

ip/xfrm: Extend SPI validity checking

A Security Policy Index (SPI) is not used with Mobile IPv6. IPComp
uses a smaller 16-bit Compression Parameter Index (CPI) which is
passed as the SPI value. Perform checks whenever specifying an ID.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
---

diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index db5191851..257693878 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -1067,6 +1067,18 @@ int xfrm_id_parse(xfrm_address_t *saddr, struct xfrm_id *id, __u16 *family,
 	if (src.family && dst.family && (src.family != dst.family))
 		invarg("the same address family is required between \"src\" and \"dst\"", *argv);
 
+	if (id->spi && id->proto) {
+		if (xfrm_xfrmproto_is_ro(id->proto)) {
+			fprintf(stderr, "\"spi\" is invalid with XFRM-PROTO value \"%s\"\n",
+			        strxf_xfrmproto(id->proto));
+			exit(1);
+		} else if (id->proto == IPPROTO_COMP && ntohl(id->spi) >= 0x10000) {
+			fprintf(stderr, "SPI value is too large with XFRM-PROTO value \"%s\"\n",
+			        strxf_xfrmproto(id->proto));
+			exit(1);
+		}
+	}
+
 	if (loose == 0 && id->proto == 0)
 		missarg("XFRM-PROTO");
 	if (argc == *argcp)
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index c0cf88c2f..3c01ec52e 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -502,11 +502,6 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
 				strxf_xfrmproto(req.xsinfo.id.proto));
 			exit(1);
 		}
-		if (req.xsinfo.id.spi != 0) {
-			fprintf(stderr, "\"spi\" must be 0 with proto=%s\n",
-				strxf_xfrmproto(req.xsinfo.id.proto));
-			exit(1);
-		}
 		break;
 	default:
 		break;