| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Sep 2016 16:02:22 +0200
From: Davide Caratti <dcaratti@...hat.com>
To: netdev@...r.kernel.org
Cc: Sabrina Dubroca <sd@...asysnail.net>, Phil Sutter <phil@....cc>,
Stephen Hemminger <stephen@...workplumber.org>
Subject: [iproute PATCH] macsec: fix input range of 'icvlen' parameter
the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
fix get_icvlen() accordingly, so that a proper error message is displayed
in case input 'icvlen' is greater than 16.
Signed-off-by: Davide Caratti <dcaratti@...hat.com>
---
ip/ipmacsec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index 2e670e9..127fa1e 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -152,9 +152,9 @@ static void get_icvlen(__u8 *icvlen, char *arg)
if (ret)
invarg("expected ICV length", arg);
- if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_MAX_ICV_LEN)
+ if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN)
invarg("ICV length must be in the range {"
- STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_MAX_ICV_LEN)
+ STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN)
"}", arg);
}
--
2.5.5
Powered by blists - more mailing lists