[IPSEC]: Lock state when copying non-atomic fields to user-space

[deliverable/linux.git] / net / ipv4 / ah4.c

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 39f6211f1496050957ba6082d36a01799822c21b..58af298e1941faca1e9ee078e43c6e4a8b12ff5e 100644 (file)
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -96,8 +96,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
 
        ah->reserved = 0;
        ah->spi = x->id.spi;
-       ah->seq_no = htonl(++x->replay.oseq);
-       xfrm_aevent_doreplay(x);
+       ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq);
        err = ah_mac_digest(ahp, skb, ah->auth_data);
        if (err)
                goto error;
@@ -219,10 +218,6 @@ static int ah_init_state(struct xfrm_state *x)
        if (!x->aalg)
                goto error;
 
-       /* null auth can use a zero length key */
-       if (x->aalg->alg_key_len > 512)
-               goto error;
-
        if (x->encap)
                goto error;
 
@@ -230,14 +225,13 @@ static int ah_init_state(struct xfrm_state *x)
        if (ahp == NULL)
                return -ENOMEM;
 
-       ahp->key = x->aalg->alg_key;
-       ahp->key_len = (x->aalg->alg_key_len+7)/8;
        tfm = crypto_alloc_hash(x->aalg->alg_name, 0, CRYPTO_ALG_ASYNC);
        if (IS_ERR(tfm))
                goto error;
 
        ahp->tfm = tfm;
-       if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))
+       if (crypto_hash_setkey(tfm, x->aalg->alg_key,
+                              (x->aalg->alg_key_len + 7) / 8))
                goto error;
 
        /*
@@ -302,6 +296,7 @@ static struct xfrm_type ah_type =
        .description    = "AH4",
        .owner          = THIS_MODULE,
        .proto          = IPPROTO_AH,
+       .flags          = XFRM_TYPE_REPLAY_PROT,
        .init_state     = ah_init_state,
        .destructor     = ah_destroy,
        .input          = ah_input,