git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
[safe/jmp/linux-2.6] / net / xfrm / xfrm_user.c
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 6106b72..da5ba86 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
        if (err)
                return err;
 
+       err = verify_policy_dir(p->dir);
+       if (err)
+               return err;
+
        if (p->index)
                xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
        else {
Full containers within linux kernel