[PATCH] [IPSEC]: Fix __xfrm_find_acq_byseq()

This function, as it's name implies, is supposed to only return IPSEC objects which are in the XFRM_STATE_ACQ ("acquire") state. But it returns any object with the matching sequence number. This is wrong and confuses IPSEC daemons to no end. [XFRM]: xfrm_find_acq_byseq should only return XFRM_STATE_ACQ states. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

[PATCH] [IPSEC]: Fix __xfrm_find_acq_byseq()
This function, as it's name implies, is supposed to only return IPSEC objects which are in the XFRM_STATE_ACQ ("acquire") state. But it returns any object with the matching sequence number. This is wrong and confuses IPSEC daemons to no end. [XFRM]: xfrm_find_acq_byseq should only return XFRM_STATE_ACQ states. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
ad6be076 · David S. Miller · Greg Kroah-Hartman · 858b4c71 · ad6be076
Commit ad6be076 authored Mar 18, 2005 by David S. Miller Committed by Greg Kroah-Hartman Mar 18, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/xfrm/xfrm_state.c net/xfrm/xfrm_state.c +1 -1

No files found.
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -609,7 +609,7 @@ static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)

 	for (i = 0; i < XFRM_DST_HSIZE; i++) {
 		list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
-			if (x->km.seq == seq) {
+			if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
 				xfrm_state_hold(x);
 				return x;
 			}