-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What did you mean by "leaks xfrm_state reference"? The missing
xfrm_state_put(x)?
I changed it (see below) to use Krisztian's xfrm_state_replay_update function.
|>
|> + struct xfrm_replay_state *replay;
|> + + x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);
|> + if (x == NULL) {
|> + printk(KERN_INFO "Found no xfrm state for sa seq update\n");
|> + return -ESRCH;
|> + }
|> +
|> + if(xfrma[XFRMA_REPLAY-1]) {
|> + replay = RTA_DATA(xfrma[XFRMA_REPLAY - 1]);
|> + x->replay = *replay;
|>
|>
|> + }
|> + else return -EINVAL;
|>
|>
| ^^ leaks xfrm_state reference
|
|> +
|> + return 0;
|>
|>
| ^^ same here
|
|> +} +
|> static const int xfrm_msg_min[(XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)] = {
|> NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)), /* NEW SA */
|> NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)), /* DEL SA */
|> @@ -867,6 +897,7 @@
|> NLMSG_LENGTH(sizeof(struct xfrm_user_polexpire)), /* POLEXPIRE */
|> NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)), /* FLUSH SA */
|> NLMSG_LENGTH(0), /* FLUSH POLICY */
|> + NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)),/* UPD SEQ */
|>
|>
| ^^ what about struct xfrm_replay_state ?
It's attached as an rt attribute, so it should be ok.
- ---
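/*
 * xfrm_update_seq - netlink handler that updates the replay state of an SA.
 * @skb:   socket buffer carrying the request (not referenced in this function)
 * @nlh:   netlink header; its payload is read as a struct xfrm_usersa_id
 * @xfrma: attribute table, indexed by attribute type minus one
 *
 * Looks the state up from the (daddr, spi, proto, family) tuple in the
 * message and passes the XFRMA_REPLAY attribute payload to
 * xfrm_state_replay_update().
 *
 * Returns 0 on success, -ESRCH when no state matches, and -EINVAL when the
 * XFRMA_REPLAY attribute is absent or too short to hold a
 * struct xfrm_replay_state.
 */
static int xfrm_update_seq(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
{
	struct xfrm_usersa_id *p = NLMSG_DATA(nlh);
	struct rtattr *rta = xfrma[XFRMA_REPLAY - 1];
	struct xfrm_replay_state *replay;
	struct xfrm_state *x;
	int err;

	x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family);
	if (x == NULL) {
		printk(KERN_INFO "Found no xfrm state for sa seq update\n");
		return -ESRCH;
	}

	/*
	 * The minimum-length entry for this message type covers only the
	 * fixed xfrm_usersa_id header, so the attribute payload needs its own
	 * size check before it is read as a struct xfrm_replay_state. No such
	 * check is visible here; whether the caller performs one should be
	 * confirmed. The cast keeps the comparison signed, since RTA_PAYLOAD()
	 * is computed from the sender-supplied rta_len.
	 */
	if (rta == NULL || RTA_PAYLOAD(rta) < (int)sizeof(*replay)) {
		err = -EINVAL;
		goto out_put;
	}

	replay = RTA_DATA(rta);
	xfrm_state_replay_update(x, replay);
	err = 0;

out_put:
	/*
	 * xfrm_state_lookup() returned a held reference; drop it on every
	 * path past the lookup, including the -EINVAL one, which previously
	 * returned without calling xfrm_state_put().
	 */
	xfrm_state_put(x);
	return err;
}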
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBj0r522t2oTuElzoRAgBWAKCKSQXB2rX9DeMpMwVIMl9mXfmxUQCfeYYY
1d3V4P8C3+d5YgsYpwkFHPQ=
=RihP
-----END PGP SIGNATURE-----
|