Input: db9 - fix potential buffer overrun
[linux-2.6.22.y-op.git] / net / xfrm / xfrm_input.c
blob891a6090cc099d2f88e15aa33ff68db982132d6e
1 /*
2 * xfrm_input.c
4 * Changes:
5 * YOSHIFUJI Hideaki @USAGI
6 * Split up af-specific portion
7 *
8 */
10 #include <linux/slab.h>
11 #include <linux/module.h>
12 #include <net/ip.h>
13 #include <net/xfrm.h>
15 static kmem_cache_t *secpath_cachep __read_mostly;
17 void __secpath_destroy(struct sec_path *sp)
19 int i;
20 for (i = 0; i < sp->len; i++)
21 xfrm_state_put(sp->xvec[i]);
22 kmem_cache_free(secpath_cachep, sp);
24 EXPORT_SYMBOL(__secpath_destroy);
26 struct sec_path *secpath_dup(struct sec_path *src)
28 struct sec_path *sp;
30 sp = kmem_cache_alloc(secpath_cachep, SLAB_ATOMIC);
31 if (!sp)
32 return NULL;
34 sp->len = 0;
35 if (src) {
36 int i;
38 memcpy(sp, src, sizeof(*sp));
39 for (i = 0; i < sp->len; i++)
40 xfrm_state_hold(sp->xvec[i]);
42 atomic_set(&sp->refcnt, 1);
43 return sp;
45 EXPORT_SYMBOL(secpath_dup);
47 /* Fetch spi and seq from ipsec header */
49 int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq)
51 int offset, offset_seq;
53 switch (nexthdr) {
54 case IPPROTO_AH:
55 offset = offsetof(struct ip_auth_hdr, spi);
56 offset_seq = offsetof(struct ip_auth_hdr, seq_no);
57 break;
58 case IPPROTO_ESP:
59 offset = offsetof(struct ip_esp_hdr, spi);
60 offset_seq = offsetof(struct ip_esp_hdr, seq_no);
61 break;
62 case IPPROTO_COMP:
63 if (!pskb_may_pull(skb, sizeof(struct ip_comp_hdr)))
64 return -EINVAL;
65 *spi = htonl(ntohs(*(u16*)(skb->h.raw + 2)));
66 *seq = 0;
67 return 0;
68 default:
69 return 1;
72 if (!pskb_may_pull(skb, 16))
73 return -EINVAL;
75 *spi = *(u32*)(skb->h.raw + offset);
76 *seq = *(u32*)(skb->h.raw + offset_seq);
77 return 0;
79 EXPORT_SYMBOL(xfrm_parse_spi);
81 void __init xfrm_input_init(void)
83 secpath_cachep = kmem_cache_create("secpath_cache",
84 sizeof(struct sec_path),
85 0, SLAB_HWCACHE_ALIGN,
86 NULL, NULL);
87 if (!secpath_cachep)
88 panic("XFRM: failed to allocate secpath_cache\n");