Commit a0e5ef53 authored by Tobias Brunner's avatar Tobias Brunner Committed by Steffen Klassert

xfrm: Fix installation of AH IPsec SAs

The SPI check introduced in ea9884b3
was intended for IPComp SAs but actually prevented AH SAs from getting
installed (depending on the SPI).

Fixes: ea9884b3 ("xfrm: check user specified spi for IPComp")
Cc: Fan Du <fan.du@windriver.com>
Signed-off-by: default avatarTobias Brunner <tobias@strongswan.org>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
parent b7eea454
...@@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, ...@@ -177,9 +177,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
attrs[XFRMA_ALG_AEAD] || attrs[XFRMA_ALG_AEAD] ||
attrs[XFRMA_ALG_CRYPT] || attrs[XFRMA_ALG_CRYPT] ||
attrs[XFRMA_ALG_COMP] || attrs[XFRMA_ALG_COMP] ||
attrs[XFRMA_TFCPAD] || attrs[XFRMA_TFCPAD])
(ntohl(p->id.spi) >= 0x10000))
goto out; goto out;
break; break;
...@@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, ...@@ -207,7 +205,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
attrs[XFRMA_ALG_AUTH] || attrs[XFRMA_ALG_AUTH] ||
attrs[XFRMA_ALG_AUTH_TRUNC] || attrs[XFRMA_ALG_AUTH_TRUNC] ||
attrs[XFRMA_ALG_CRYPT] || attrs[XFRMA_ALG_CRYPT] ||
attrs[XFRMA_TFCPAD]) attrs[XFRMA_TFCPAD] ||
(ntohl(p->id.spi) >= 0x10000))
goto out; goto out;
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment