Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f398035f2dec0a6150833b0bc105057953594edb
Commit:     f398035f2dec0a6150833b0bc105057953594edb
Parent:     e0260feddf8a68301c75cdfff9ec251d5851b006
Author:     Herbert Xu <[EMAIL PROTECTED]>
AuthorDate: Wed Dec 19 23:44:29 2007 -0800
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Wed Dec 19 23:44:29 2007 -0800

    [IPSEC]: Avoid undefined shift operation when testing algorithm ID
    
    The aalgos/ealgos fields are only 32 bits wide.  However, af_key tries
    to test them with the expression 1 << id where id can be as large as
    253.  This produces different behaviour on different architectures.
    
    The following patch explicitly checks whether ID is greater than 31
    and fails the check if that's the case.
    
    We cannot easily extend the mask to be longer than 32 bits due to
    exposure to user-space.  Besides, this whole interface is obsolete
    anyway in favour of the xfrm_user interface which doesn't use this
    bit mask in templates (well not within the kernel anyway).
    
    Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 net/key/af_key.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/net/key/af_key.c b/net/key/af_key.c
index 878039b..26d5e63 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2784,12 +2784,22 @@ static struct sadb_msg *pfkey_get_base_msg(struct 
sk_buff *skb, int *errp)
 
 static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
 {
-       return t->aalgos & (1 << d->desc.sadb_alg_id);
+       unsigned int id = d->desc.sadb_alg_id;
+
+       if (id >= sizeof(t->aalgos) * 8)
+               return 0;
+
+       return (t->aalgos >> id) & 1;
 }
 
 static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
 {
-       return t->ealgos & (1 << d->desc.sadb_alg_id);
+       unsigned int id = d->desc.sadb_alg_id;
+
+       if (id >= sizeof(t->ealgos) * 8)
+               return 0;
+
+       return (t->ealgos >> id) & 1;
 }
 
 static int count_ah_combs(struct xfrm_tmpl *t)
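
Review bot: the new range check in aalg_tmpl_set() and ealg_tmpl_set() makes every algorithm whose sadb_alg_id is at or above the mask width silently fail the template test, and nothing in the code says that this is intentional. A short comment above `if (id >= sizeof(t->aalgos) * 8)` stating that the mask width is fixed by its exposure to user-space, so higher IDs cannot be selected through this interface, would keep a later reader from treating the early `return 0` as a bug. The two bodies are identical apart from the field name, so a single helper taking the mask value and the id would keep the check in one place. The return value also changes from the masked bit (`t->aalgos & (1 << id)`) to 0 or 1; that is fine for callers that only test for truth, but the call sites are outside this hunk and should be confirmed.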