On Mon, 16 Jan 2017 15:09:01 +0100 Alexander Heinlein <[email protected]> wrote:
> Fix "Policy buffer overflow" error when trying to use deleteall with > many policies installed. > > Signed-off-by: Alexander Heinlein <[email protected]> > --- > ip/xfrm_policy.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c > index cc9c0f1..451b982 100644 > --- a/ip/xfrm_policy.c > +++ b/ip/xfrm_policy.c > @@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct > sockaddr_nl *who, > if (!xfrm_policy_filter_match(xpinfo, ptype)) > return 0; > > - if (xb->offset > xb->size) { > - fprintf(stderr, "Policy buffer overflow\n"); > - return -1; > - } > + if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) > + return 0; > > new_n = (struct nlmsghdr *)(xb->buf + xb->offset); > new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid)); What happens when many many policies are installed? It looks like your patch would silently stop deleting. Does the the code flush all of them?
