Subject: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check

Hello!

Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD
(=2) as index in sk->sk_policy.

sk->sk_policy[] is defined in sock.h as:

struct xfrm_policy *sk_policy[2];

Attached is the fix.

http://linuxbugs.coverity.com/external/editbugparent.php?viewbugid=2138&checkers%5B%5D=all&status%5B%5D=BUG&status%5B%5D=UNINSPECTED&status%5B%5D=UNKNOWN&status%5B%5D=DON%27T%20CARE&status%5B%5D=PENDING&product%5B%5D=all&component%5B%5D=all&file=&fn=&sortby=reverse_rank&before=&after=&curpage=2&bugid=-1&comment=&reason=

---
Catalin(ux aka Dino) BOIE
catab at deuroconsult.ro
http://kernel.umbrella.ro/


Attachments:
out-of-bounds-xfrm_policy.patch (433.00 B)

2004-09-07 12:47:00

by Herbert Xu

Subject: Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check

Catalinux aka Dino BOIE <[email protected]> wrote:
>
> Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD
> (=2) as index in sk->sk_policy.
>
> sk->sk_policy[] is defined in sock.h as:
>
> struct xfrm_policy *sk_policy[2];
>
> Attached is the fix.

This is bogus as if the packet is forwarded then sk == NULL.
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

2004-09-07 21:09:59

by David Miller

Subject: Re: [PATCH] Trivial fix for out of bounds array access in xfrm4_policy_check

On Tue, 07 Sep 2004 22:46:22 +1000
Herbert Xu <[email protected]> wrote:

> Catalinux aka Dino BOIE <[email protected]> wrote:
> >
> > Coverity found a bug in accessing xfrm4_policy_check using XFRM_POLICY_FWD
> > (=2) as index in sk->sk_policy.
> >
> > sk->sk_policy[] is defined in sock.h as:
> >
> > struct xfrm_policy *sk_policy[2];
> >
> > Attached is the fix.
>
> This is bogus as if the packet is forwarded then sk == NULL.

Agreed.
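
The point made in the replies above, as an added example that is not part of the thread and is not kernel source: a simplified C model of a two-slot `sk_policy[]` lookup that is safe only because forwarded packets carry no socket, next to a variant that checks the index locally. The function names `sk_policy_lookup` and `sk_policy_lookup_checked`, the `SK_POLICY_SLOTS` macro and the reduced `struct sock` are hypothetical; the `XFRM_POLICY_IN`/`XFRM_POLICY_OUT` values of 0 and 1 are assumed, and `XFRM_POLICY_FWD` = 2 is the value quoted in the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Direction values; XFRM_POLICY_FWD = 2 is the value quoted in the thread. */
enum { XFRM_POLICY_IN = 0, XFRM_POLICY_OUT = 1, XFRM_POLICY_FWD = 2 };

struct xfrm_policy { int id; };

/* Reduced model of the socket: only the two-slot per-socket policy array. */
struct sock { struct xfrm_policy *sk_policy[2]; };

#define SK_POLICY_SLOTS \
    (sizeof(((struct sock *)0)->sk_policy) / sizeof(struct xfrm_policy *))

/* Hypothetical lookup shaped like the flagged access: it stays in bounds
 * only while callers keep "dir == XFRM_POLICY_FWD implies sk == NULL". */
static struct xfrm_policy *sk_policy_lookup(const struct sock *sk, int dir)
{
    if (sk && sk->sk_policy[dir])
        return sk->sk_policy[dir];
    return NULL;
}

/* Same lookup with the bound checked locally, so neither a future caller
 * nor a static analyzer has to reason about every call site. */
static struct xfrm_policy *sk_policy_lookup_checked(const struct sock *sk, int dir)
{
    if (!sk || dir < 0 || (size_t)dir >= SK_POLICY_SLOTS)
        return NULL;
    return sk->sk_policy[dir];
}

int main(void)
{
    struct xfrm_policy in_pol = { 1 };          /* constructed sample policy */
    struct sock sk = { { &in_pol, NULL } };

    /* Local delivery: a socket exists and dir is IN or OUT. */
    printf("in:  %p\n", (void *)sk_policy_lookup(&sk, XFRM_POLICY_IN));
    /* Forwarding: no local socket, so the array is never indexed. */
    printf("fwd: %p\n", (void *)sk_policy_lookup(NULL, XFRM_POLICY_FWD));
    /* Invariant broken by a caller: only the checked variant is defined here. */
    printf("bad: %p\n", (void *)sk_policy_lookup_checked(&sk, XFRM_POLICY_FWD));
    return 0;
}
```

The unchecked variant is never called with a non-NULL socket and `XFRM_POLICY_FWD` here, because that combination is exactly the out-of-bounds read the analyzer reported.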