[IPSEC]: Fix null authentication/encryption.

06d7822a · Thomas Walpuski · David S. Miller · 15931833 · 06d7822a · 06d7822a
Commit 06d7822a authored Mar 19, 2003 by Thomas Walpuski Committed by David S. Miller Mar 19, 2003
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

net/ipv4/xfrm_user.c net/ipv4/xfrm_user.c +7 -1

net/key/af_key.c net/key/af_key.c +1 -0

No files found.
--- a/net/ipv4/xfrm_user.c
+++ b/net/ipv4/xfrm_user.c
@@ -46,8 +46,14 @@ static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type)
 	algp = RTA_DATA(rt);
 	switch (type) {
 	case XFRMA_ALG_AUTH:
+		if (!algp->alg_key_len &&
+		    strcmp(algp->alg_name, "digest_null") != 0)
+			return -EINVAL;
+		break;
 	case XFRMA_ALG_CRYPT:
-		if (!algp->alg_key_len)
+		if (!algp->alg_key_len &&
+		    strcmp(algp->alg_name, "cipher_null") != 0)
 			return -EINVAL;
 		break;

--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -900,6 +900,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct sadb_msg *hdr,
 		return ERR_PTR(-EINVAL);
 	key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
 	if (key != NULL &&
+	    sa->sadb_sa_auth != SADB_X_AALG_NULL &&
 	    ((key->sadb_key_bits+7) / 8 == 0 ||
 	     (key->sadb_key_bits+7) / 8 > key->sadb_key_len * sizeof(uint64_t)))
 		return ERR_PTR(-EINVAL);