static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type)
{
- struct rtattr *rt = xfrma[type - 1];
+ struct rtattr *rt = xfrma[type];
struct xfrm_algo *algp;
- int len;
if (!rt)
return 0;
- len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp);
- if (len < 0)
- return -EINVAL;
-
algp = RTA_DATA(rt);
-
- len -= (algp->alg_key_len + 7U) / 8;
- if (len < 0)
+ if (RTA_PAYLOAD(rt) < alg_len(algp))
return -EINVAL;
switch (type) {
return 0;
}
-static int verify_encap_tmpl(struct rtattr **xfrma)
-{
- struct rtattr *rt = xfrma[XFRMA_ENCAP - 1];
- struct xfrm_encap_tmpl *encap;
-
- if (!rt)
- return 0;
-
- if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap))
- return -EINVAL;
-
- return 0;
-}
-
-static int verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type,
+static void verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type,
xfrm_address_t **addrp)
{
- struct rtattr *rt = xfrma[type - 1];
+ struct rtattr *rt = xfrma[type];
- if (!rt)
- return 0;
-
- if ((rt->rta_len - sizeof(*rt)) < sizeof(**addrp))
- return -EINVAL;
-
- if (addrp)
+ if (rt && addrp)
*addrp = RTA_DATA(rt);
-
- return 0;
}
static inline int verify_sec_ctx_len(struct rtattr **xfrma)
{
- struct rtattr *rt = xfrma[XFRMA_SEC_CTX - 1];
+ struct rtattr *rt = xfrma[XFRMA_SEC_CTX];
struct xfrm_user_sec_ctx *uctx;
- int len = 0;
if (!rt)
return 0;
- if (rt->rta_len < sizeof(*uctx))
- return -EINVAL;
-
uctx = RTA_DATA(rt);
-
- len += sizeof(struct xfrm_user_sec_ctx);
- len += uctx->ctx_len;
-
- if (uctx->len != len)
+ if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))
return -EINVAL;
return 0;
err = -EINVAL;
switch (p->id.proto) {
case IPPROTO_AH:
- if (!xfrma[XFRMA_ALG_AUTH-1] ||
- xfrma[XFRMA_ALG_CRYPT-1] ||
- xfrma[XFRMA_ALG_COMP-1])
+ if (!xfrma[XFRMA_ALG_AUTH] ||
+ xfrma[XFRMA_ALG_CRYPT] ||
+ xfrma[XFRMA_ALG_COMP])
goto out;
break;
case IPPROTO_ESP:
- if ((!xfrma[XFRMA_ALG_AUTH-1] &&
- !xfrma[XFRMA_ALG_CRYPT-1]) ||
- xfrma[XFRMA_ALG_COMP-1])
+ if ((!xfrma[XFRMA_ALG_AUTH] &&
+ !xfrma[XFRMA_ALG_CRYPT]) ||
+ xfrma[XFRMA_ALG_COMP])
goto out;
break;
case IPPROTO_COMP:
- if (!xfrma[XFRMA_ALG_COMP-1] ||
- xfrma[XFRMA_ALG_AUTH-1] ||
- xfrma[XFRMA_ALG_CRYPT-1])
+ if (!xfrma[XFRMA_ALG_COMP] ||
+ xfrma[XFRMA_ALG_AUTH] ||
+ xfrma[XFRMA_ALG_CRYPT])
goto out;
break;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
case IPPROTO_DSTOPTS:
case IPPROTO_ROUTING:
- if (xfrma[XFRMA_ALG_COMP-1] ||
- xfrma[XFRMA_ALG_AUTH-1] ||
- xfrma[XFRMA_ALG_CRYPT-1] ||
- xfrma[XFRMA_ENCAP-1] ||
- xfrma[XFRMA_SEC_CTX-1] ||
- !xfrma[XFRMA_COADDR-1])
+ if (xfrma[XFRMA_ALG_COMP] ||
+ xfrma[XFRMA_ALG_AUTH] ||
+ xfrma[XFRMA_ALG_CRYPT] ||
+ xfrma[XFRMA_ENCAP] ||
+ xfrma[XFRMA_SEC_CTX] ||
+ !xfrma[XFRMA_COADDR])
goto out;
break;
#endif
goto out;
if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP)))
goto out;
- if ((err = verify_encap_tmpl(xfrma)))
- goto out;
if ((err = verify_sec_ctx_len(xfrma)))
goto out;
- if ((err = verify_one_addr(xfrma, XFRMA_COADDR, NULL)))
- goto out;
err = -EINVAL;
switch (p->mode) {
* somehow made shareable and move it to xfrm_state.c - JHS
*
*/
-static int xfrm_update_ae_params(struct xfrm_state *x, struct rtattr **xfrma)
+static void xfrm_update_ae_params(struct xfrm_state *x, struct rtattr **xfrma)
{
- int err = - EINVAL;
- struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1];
- struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1];
- struct rtattr *et = xfrma[XFRMA_ETIMER_THRESH-1];
- struct rtattr *rt = xfrma[XFRMA_REPLAY_THRESH-1];
+ struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL];
+ struct rtattr *lt = xfrma[XFRMA_LTIME_VAL];
+ struct rtattr *et = xfrma[XFRMA_ETIMER_THRESH];
+ struct rtattr *rt = xfrma[XFRMA_REPLAY_THRESH];
if (rp) {
struct xfrm_replay_state *replay;
- if (RTA_PAYLOAD(rp) < sizeof(*replay))
- goto error;
replay = RTA_DATA(rp);
memcpy(&x->replay, replay, sizeof(*replay));
memcpy(&x->preplay, replay, sizeof(*replay));
if (lt) {
struct xfrm_lifetime_cur *ltime;
- if (RTA_PAYLOAD(lt) < sizeof(*ltime))
- goto error;
ltime = RTA_DATA(lt);
x->curlft.bytes = ltime->bytes;
x->curlft.packets = ltime->packets;
x->curlft.use_time = ltime->use_time;
}
- if (et) {
- if (RTA_PAYLOAD(et) < sizeof(u32))
- goto error;
+ if (et)
x->replay_maxage = *(u32*)RTA_DATA(et);
- }
- if (rt) {
- if (RTA_PAYLOAD(rt) < sizeof(u32))
- goto error;
+ if (rt)
x->replay_maxdiff = *(u32*)RTA_DATA(rt);
- }
-
- return 0;
-error:
- return err;
}
static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p,
if ((err = attach_one_algo(&x->aalg, &x->props.aalgo,
xfrm_aalg_get_byname,
- xfrma[XFRMA_ALG_AUTH-1])))
+ xfrma[XFRMA_ALG_AUTH])))
goto error;
if ((err = attach_one_algo(&x->ealg, &x->props.ealgo,
xfrm_ealg_get_byname,
- xfrma[XFRMA_ALG_CRYPT-1])))
+ xfrma[XFRMA_ALG_CRYPT])))
goto error;
if ((err = attach_one_algo(&x->calg, &x->props.calgo,
xfrm_calg_get_byname,
- xfrma[XFRMA_ALG_COMP-1])))
+ xfrma[XFRMA_ALG_COMP])))
goto error;
- if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1])))
+ if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP])))
goto error;
- if ((err = attach_one_addr(&x->coaddr, xfrma[XFRMA_COADDR-1])))
+ if ((err = attach_one_addr(&x->coaddr, xfrma[XFRMA_COADDR])))
goto error;
err = xfrm_init_state(x);
if (err)
goto error;
- if ((err = attach_sec_ctx(x, xfrma[XFRMA_SEC_CTX-1])))
+ if ((err = attach_sec_ctx(x, xfrma[XFRMA_SEC_CTX])))
goto error;
x->km.seq = p->seq;
/* override default values from above */
- err = xfrm_update_ae_params(x, (struct rtattr **)xfrma);
- if (err < 0)
- goto error;
+ xfrm_update_ae_params(x, (struct rtattr **)xfrma);
return x;
} else {
xfrm_address_t *saddr = NULL;
- err = verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr);
- if (err)
- goto out;
-
+ verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr);
if (!saddr) {
err = -EINVAL;
goto out;
static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct rtattr **xfrma)
{
- struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
+ struct rtattr *rt = xfrma[XFRMA_SEC_CTX];
struct xfrm_user_sec_ctx *uctx;
if (!rt)
static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma)
{
- struct rtattr *rt = xfrma[XFRMA_TMPL-1];
+ struct rtattr *rt = xfrma[XFRMA_TMPL];
if (!rt) {
pol->xfrm_nr = 0;
static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma)
{
- struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1];
+ struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE];
struct xfrm_userpolicy_type *upt;
u8 type = XFRM_POLICY_TYPE_MAIN;
int err;
if (rt) {
- if (rt->rta_len < sizeof(*upt))
- return -EINVAL;
-
upt = RTA_DATA(rt);
type = upt->type;
}
if (p->index)
xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
else {
- struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
+ struct rtattr *rt = xfrma[XFRMA_SEC_CTX];
struct xfrm_policy tmp;
err = verify_sec_ctx_len(xfrma);
struct km_event c;
int err = - EINVAL;
struct xfrm_aevent_id *p = nlmsg_data(nlh);
- struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1];
- struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1];
+ struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL];
+ struct rtattr *lt = xfrma[XFRMA_LTIME_VAL];
if (!lt && !rp)
return err;
goto out;
spin_lock_bh(&x->lock);
- err = xfrm_update_ae_params(x, xfrma);
+ xfrm_update_ae_params(x, xfrma);
spin_unlock_bh(&x->lock);
- if (err < 0)
- goto out;
c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq;
if (p->index)
xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
else {
- struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
+ struct rtattr *rt = xfrma[XFRMA_SEC_CTX];
struct xfrm_policy tmp;
err = verify_sec_ctx_len(xfrma);
struct xfrm_policy *xp;
struct xfrm_user_tmpl *ut;
int i;
- struct rtattr *rt = xfrma[XFRMA_TMPL-1];
+ struct rtattr *rt = xfrma[XFRMA_TMPL];
struct xfrm_user_acquire *ua = nlmsg_data(nlh);
struct xfrm_state *x = xfrm_state_alloc();
}
#ifdef CONFIG_XFRM_MIGRATE
-static int verify_user_migrate(struct rtattr **xfrma)
-{
- struct rtattr *rt = xfrma[XFRMA_MIGRATE-1];
- struct xfrm_user_migrate *um;
-
- if (!rt)
- return -EINVAL;
-
- if ((rt->rta_len - sizeof(*rt)) < sizeof(*um))
- return -EINVAL;
-
- return 0;
-}
-
static int copy_from_user_migrate(struct xfrm_migrate *ma,
struct rtattr **xfrma, int *num)
{
- struct rtattr *rt = xfrma[XFRMA_MIGRATE-1];
+ struct rtattr *rt = xfrma[XFRMA_MIGRATE];
struct xfrm_user_migrate *um;
int i, num_migrate;
int err;
int n = 0;
- err = verify_user_migrate((struct rtattr **)xfrma);
- if (err)
- return err;
+ if (xfrma[XFRMA_MIGRATE] == NULL)
+ return -EINVAL;
err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
if (err)
#undef XMSGSIZE
+static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
+ [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) },
+ [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) },
+ [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) },
+ [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) },
+ [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) },
+ [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) },
+ [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) },
+ [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) },
+ [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
+ [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 },
+ [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) },
+ [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) },
+ [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)},
+ [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
+};
+
static struct xfrm_link {
int (*doit)(struct sk_buff *, struct nlmsghdr *, struct rtattr **);
int (*dump)(struct sk_buff *, struct netlink_callback *);
return netlink_dump_start(xfrm_nl, skb, nlh, link->dump, NULL);
}
- /* FIXME: Temporary hack, nlmsg_parse() starts at xfrma[1], old code
- * expects first attribute at xfrma[0] */
- err = nlmsg_parse(nlh, xfrm_msg_min[type], xfrma-1, XFRMA_MAX, NULL);
+ err = nlmsg_parse(nlh, xfrm_msg_min[type], xfrma, XFRMA_MAX,
+ xfrma_policy);
if (err < 0)
return err;