aboutsummaryrefslogtreecommitdiffstats
path: root/net/key/af_key.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r--net/key/af_key.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 94bf810ad242..6482b001f19a 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -401,6 +401,11 @@ static int verify_address_len(const void *p)
401#endif 401#endif
402 int len; 402 int len;
403 403
404 if (sp->sadb_address_len <
405 DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family),
406 sizeof(uint64_t)))
407 return -EINVAL;
408
404 switch (addr->sa_family) { 409 switch (addr->sa_family) {
405 case AF_INET: 410 case AF_INET:
406 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t)); 411 len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t));
@@ -511,6 +516,9 @@ static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void *
511 uint16_t ext_type; 516 uint16_t ext_type;
512 int ext_len; 517 int ext_len;
513 518
519 if (len < sizeof(*ehdr))
520 return -EINVAL;
521
514 ext_len = ehdr->sadb_ext_len; 522 ext_len = ehdr->sadb_ext_len;
515 ext_len *= sizeof(uint64_t); 523 ext_len *= sizeof(uint64_t);
516 ext_type = ehdr->sadb_ext_type; 524 ext_type = ehdr->sadb_ext_type;
generated by cgit v1.2.3 (git 2.39.2)