summaryrefslogtreecommitdiffstats
path: root/main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch')
-rw-r--r--main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch35
1 files changed, 0 insertions, 35 deletions
diff --git a/main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch b/main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
deleted file mode 100644
index ae2a0f910..000000000
--- a/main/linux-grsec/0011-xfrm_user-verify-policy-direction-at-XFRM_MSG_POLEXP.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 5b3e87bccb0e48f2f8b78695e949c015a3695f8e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Wed, 31 Mar 2010 00:17:04 +0000
-Subject: [PATCH 11/18] xfrm_user: verify policy direction at XFRM_MSG_POLEXPIRE handler
-
-Add missing check for policy direction verification. This is
-especially important since without this xfrm_user may end up
-deleting per-socket policy which is not allowed.
-
-Signed-off-by: Timo Teras <timo.teras@iki.fi>
-Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-(cherry picked from commit c8bf4d04f970fafb3430d332533e1cf103f2a018)
----
- net/xfrm/xfrm_user.c | 4 ++++
- 1 files changed, 4 insertions(+), 0 deletions(-)
-
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index b95a2d6..d1e9ee3 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -1589,6 +1589,10 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
-
-+ err = verify_policy_dir(p->dir);
-+ if (err)
-+ return err;
-+
- if (p->index)
- xp = xfrm_policy_byid(net, type, p->dir, p->index, 0, &err);
- else {
---
-1.7.0.2
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 02:29:11 +0000