xfrm: check family before comparing addresses in migrate

When migrating between different address families, xfrm_addr_equal()
cannot meaningfully compare addresses, different lengths.
Only call xfrm_addr_equal() when families match, and take
the xfrm_state_insert() path when addresses are equal.

Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 85fd80520184f46dcc9a7bf350be467b0b083134..327a855253e62b789ded176efd07b54933c2dd51 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2159,10 +2159,11 @@ int xfrm_state_migrate_install(const struct xfrm_state *x,
                               struct xfrm_user_offload *xuo,
                               struct netlink_ext_ack *extack)
 {
-       if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
+       if (m->new_family == m->old_family &&
+           xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
                /*
-                * Care is needed when the destination address
-                * of the state is to be updated as it is a part of triplet.
+                * Care is needed when the destination address of the state is
+                * to be updated as it is a part of triplet.
                 */
                xfrm_state_insert(xc);
        } else {