From: Herbert Xu <[EMAIL PROTECTED]>
Subject: Re: [PATCH] possible overflow of sock->sk_policy
Date: Tue, 26 Jul 2005 13:07:14 +1000
Balazs Scheidler <[EMAIL PROTECTED]> wrote:
>
> While reading through the xfrm code I've found a possible array overflow
> in struct sock.

Thanks for catching this. However, the check should be done in xfrm_user
as we do for af_key. The following patch does just that.

Signed-off-by: Herbert Xu
> Hi,
>
> I'm attaching a small test program which tries to install an
> XFRM_POLICY_FWD, and I confirmed with a printk that the value of 2 is
> successfully propagated to xfrm_sk_policy_insert().
test program originally missed, here it is this time.
--
Bazsi
#include
#include
#include
#incl
Hi,
While reading through the xfrm code I've found a possible array overflow
in struct sock.
When issuing a setsockopt(SOL_IP, IP_XFRM_POLICY) on a socket, a
function called xfrm_user_policy() is called to compile and install a
socket-specific XFRM policy.
This function calls km->compile_policy(