IPSEC: Avoid undefined shift operation when testing algorithm ID

[IPSEC]: Avoid undefined shift operation when testing algorithm ID

[ Upstream commit: f398035f2dec0a6150833b0bc105057953594edb ]

The aalgos/ealgos fields are only 32 bits wide.  However, af_key tries
to test them with the expression 1 << id where id can be as large as
253.  This produces different behaviour on different architectures.

The following patch explicitly checks whether ID is greater than 31
and fails the check if that's the case.

We cannot easily extend the mask to be longer than 32 bits due to
exposure to user-space.  Besides, this whole interface is obsolete
anyway in favour of the xfrm_user interface which doesn't use this
bit mask in templates (well not within the kernel anyway).

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/net/key/af_key.c b/net/key/af_key.c
index ca0db0f3be2369264c64f079258acc9d7d8b5da1..0be3be2b76b350e394e8281b508cd42d7bae52d6 100644 (file)
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2777,12 +2777,22 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
 
 static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
 {
-       return t->aalgos & (1 << d->desc.sadb_alg_id);
+       unsigned int id = d->desc.sadb_alg_id;
+
+       if (id >= sizeof(t->aalgos) * 8)
+               return 0;
+
+       return (t->aalgos >> id) & 1;
 }
 
 static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
 {
-       return t->ealgos & (1 << d->desc.sadb_alg_id);
+       unsigned int id = d->desc.sadb_alg_id;
+
+       if (id >= sizeof(t->ealgos) * 8)
+               return 0;
+
+       return (t->ealgos >> id) & 1;
 }
 
 static int count_ah_combs(struct xfrm_tmpl *t)