On Mon, Feb 25, 2019 at 05:56:00PM +0800, Yue Haibing wrote:
>
> the check. Then __xfrm_policy_unlink uses the index to access array policy_count
> whose size is XFRM_POLICY_MAX * 2, triggering out of bounds access.

No it doesn't. Even if it did the bug would be in __xfrm_policy_unlink and not here.

Your patch makes no sense.

Cheers,
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt