diff options
author | Fan Du <fan.du@windriver.com> | 2013-12-16 18:47:48 +0800 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-12-16 12:54:00 +0100 |
commit | ea9884b3acf3311c8a11db67bfab21773f6f82ba (patch) | |
tree | 64c4a72014514a66150b62cb408b2c77efcc4c4c | |
parent | 0e0d44ab4275549998567cd4700b43f7496eb62b (diff) |
xfrm: check user specified spi for IPComp
IPComp connection between two hosts is broken if given spi bigger
than 0xffff.
OUTSPI=0x87
INSPI=0x11112
ip xfrm policy update dst 192.168.1.101 src 192.168.1.109 dir out action allow \
tmpl dst 192.168.1.101 src 192.168.1.109 proto comp spi $OUTSPI
ip xfrm policy update src 192.168.1.101 dst 192.168.1.109 dir in action allow \
tmpl src 192.168.1.101 dst 192.168.1.109 proto comp spi $INSPI
ip xfrm state add src 192.168.1.101 dst 192.168.1.109 proto comp spi $INSPI \
comp deflate
ip xfrm state add dst 192.168.1.101 src 192.168.1.109 proto comp spi $OUTSPI \
comp deflate
tcpdump can capture outbound ping packet, but inbound packet is
dropped with XfrmOutNoStates errors. It looks like spi value used
for IPComp is expected to be 16bits wide only.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r-- | net/xfrm/xfrm_user.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 16c84608e81e..4027c4266a87 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -181,7 +181,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, attrs[XFRMA_ALG_AEAD] || attrs[XFRMA_ALG_CRYPT] || attrs[XFRMA_ALG_COMP] || - attrs[XFRMA_TFCPAD]) + attrs[XFRMA_TFCPAD] || + (ntohl(p->id.spi) >= 0x10000)) + goto out; break; |