From: David Ward <david.ward@ll.mit.edu>
Date: Mon, 25 Mar 2013 04:23:14 +0000 (+0000)
Subject: ip/xfrm: Do not allow redundant algorithm combinations to be specified
X-Git-Tag: v3.9.0~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec839527f2647f365e84e6f571ce13d90b7c6adf;p=thirdparty%2Fiproute2.git

ip/xfrm: Do not allow redundant algorithm combinations to be specified

AEAD algorithms perform both encryption and authentication; they are
not combined with separate encryption or authentication algorithms.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
---

diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 3c01ec52e..85d3e352f 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -379,18 +379,18 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
 
 				switch (type) {
 				case XFRMA_ALG_AEAD:
-					if (aeadop)
+					if (ealgop || aalgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					aeadop = *argv;
 					break;
 				case XFRMA_ALG_CRYPT:
-					if (ealgop)
+					if (ealgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					ealgop = *argv;
 					break;
 				case XFRMA_ALG_AUTH:
 				case XFRMA_ALG_AUTH_TRUNC:
-					if (aalgop)
+					if (aalgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					aalgop = *argv;
 					break;