| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Nov 2017 14:13:25 +0100 From: Thomas Egerer <thomas.egerer@...unet.com> To: Stephen Hemminger <stephen@...workplumber.org> CC: <netdev@...r.kernel.org> Subject: [PATCH iproute2-resend 2/3] xfrm_policy: Do not attempt to deleteall a socket policy Socket polices are added to a socket using setsockopt(2). They cannot be deleted by iproute2. The attempt to delete them causes an error (EINVAL). To avoid this unnecessary error message all socket policies are skipped in xfrm_policy_keep. Signed-off-by: Thomas Egerer <thomas.egerer@...unet.com> --- ip/xfrm_policy.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index 7d2139e..e2fa771 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -735,6 +735,10 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who, if (!xfrm_policy_filter_match(xpinfo, ptype)) return 0; + /* can't delete socket policies */ + if (xpinfo->dir >= XFRM_POLICY_MAX) + return 0; + if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) return 0; -- 2.6.4
Powered by blists - more mailing lists