xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler

author Timo Teräs <timo.teras@iki.fi>

Wed, 31 Mar 2010 00:17:04 +0000 (00:17 +0000)

committer David S. Miller <davem@davemloft.net>

Fri, 2 Apr 2010 02:41:35 +0000 (19:41 -0700)
author Timo Teräs <timo.teras@iki.fi>
Wed, 31 Mar 2010 00:17:04 +0000 (00:17 +0000)
committer David S. Miller <davem@davemloft.net>
Fri, 2 Apr 2010 02:41:35 +0000 (19:41 -0700)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c

index 6106b72826d374f4d5cbcc1ea8ab1c391bef2917..da5ba86181dee413a32ec26e959e85f29683191e 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1741,6 +1741,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
         if (err)
                 return err;
  
+       err = verify_policy_dir(p->dir);
+       if (err)
+               return err;
+
         if (p->index)
                 xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
         else {
author	Timo Teräs <timo.teras@iki.fi>
	Wed, 31 Mar 2010 00:17:04 +0000 (00:17 +0000)
committer	David S. Miller <davem@davemloft.net>
	Fri, 2 Apr 2010 02:41:35 +0000 (19:41 -0700)