From 0395839028b13f4e380e167c6381e4eea4a9fc42 Mon Sep 17 00:00:00 2001
From: Pavel Skripkin <paskripkin@gmail.com>
Date: Wed, 1 Sep 2021 21:55:25 +0300
Subject: [PATCH] net: xfrm: fix shift-out-of-bounds in xfrm_get_default

/* ... */

Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
---
 net/xfrm/xfrm_user.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b7b986520dc7..a1dd38525957 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2007,6 +2007,9 @@ static int xfrm_get_default(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 	r_up = nlmsg_data(r_nlh);
 
+	if (up->dirmask >= XFRM_USERPOLICY_DIRMASK_MAX)
+		return -EINVAL;
+
 	r_up->action = ((net->xfrm.policy_default & (1 << up->dirmask)) >> up->dirmask);
 	r_up->dirmask = up->dirmask;
 	nlmsg_end(r_skb, r_nlh);
-- 
2.33.0