From: Alexander Heinlein Date: Mon, 16 Jan 2017 13:48:25 +0000 (+0100) Subject: ip/xfrm: Fix deleteall when having many policies installed X-Git-Tag: v4.10.0~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5eb0564da494e618ad4654abd93461e5e8bbae0;p=thirdparty%2Fiproute2.git ip/xfrm: Fix deleteall when having many policies installed Fix "Policy buffer overflow" when trying to use deleteall with many policies installed. Signed-off-by: Alexander Heinlein Signed-off-by: Stephen Hemminger --- diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index cc9c0f1fb..451b9822c 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who, if (!xfrm_policy_filter_match(xpinfo, ptype)) return 0; - if (xb->offset > xb->size) { - fprintf(stderr, "Policy buffer overflow\n"); - return -1; - } + if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) + return 0; new_n = (struct nlmsghdr *)(xb->buf + xb->offset); new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid));
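Review bot: The new full-buffer branch in xfrm_policy_keep() (`if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) return 0;`) returns the same value as the filter-mismatch path just above it, so a policy skipped for lack of space cannot be told apart from one that did not match, and the "Policy buffer overflow" diagnostic is dropped with nothing in its place. Please add a short comment at that return saying how the skipped policies are expected to be handled (for example, by a later dump pass in the deleteall caller, which this hunk does not show), so it is clear that deleteall still removes every policy and does not stop after the first buffer's worth. The bound itself is an improvement over the old `xb->offset > xb->size` test, which only fired after the offset had already passed the end and did not account for the message about to be written at `xb->buf + xb->offset`. One thing to confirm: the check reserves exactly NLMSG_LENGTH(sizeof(*xpid)) bytes, matching the `new_n->nlmsg_len` assignment in the context lines. If the message can grow after that point, for instance through appended attributes, the check should cover the final length and not only the fixed header and payload.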