Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit ddd29496 authored by Herbert Xu's avatar Herbert Xu Committed by Greg Kroah-Hartman
Browse files

IPSEC: Avoid undefined shift operation when testing algorithm ID 

[IPSEC]: Avoid undefined shift operation when testing algorithm ID

[ Upstream commit: f398035f

 ]

The aalgos/ealgos fields are only 32 bits wide.  However, af_key tries
to test them with the expression 1 << id where id can be as large as
253.  This produces different behaviour on different architectures.

The following patch explicitly checks whether ID is greater than 31
and fails the check if that's the case.

We cannot easily extend the mask to be longer than 32 bits due to
exposure to user-space.  Besides, this whole interface is obsolete
anyway in favour of the xfrm_user interface which doesn't use this
bit mask in templates (well not within the kernel anyway).

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 37d99de3
Hide whitespace changes
Inline Side-by-side
Showing
with 12 additions and 2 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals