[iproute PATCH] macsec: fix input range of 'icvlen' parameter

Davide Caratti Fri, 09 Sep 2016 07:03:37 -0700

the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
fix get_icvlen() accordingly, so that a proper error message is displayed
in case input 'icvlen' is greater than 16.


Signed-off-by: Davide Caratti <dcara...@redhat.com>
---
 ip/ipmacsec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index 2e670e9..127fa1e 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -152,9 +152,9 @@ static void get_icvlen(__u8 *icvlen, char *arg)
        if (ret)
                invarg("expected ICV length", arg);
 
-       if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_MAX_ICV_LEN)
+       if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN)
                invarg("ICV length must be in the range {"
-                      STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_MAX_ICV_LEN)
+                      STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN)
                       "}", arg);
 }
 
-- 
2.5.5

[iproute PATCH] macsec: fix input range of 'icvlen' parameter

Reply via email to