diff options
author | Davide Caratti <dcaratti@redhat.com> | 2016-07-22 15:07:56 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-07-25 10:55:39 -0700 |
commit | 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c (patch) | |
tree | b5001d976b145d30c2d90c1de8da6b8b59275594 /drivers/net/macsec.c | |
parent | baedbe55884c003819f5c8c063ec3d2569414296 (diff) |
macsec: limit ICV length to 16 octets
IEEE 802.1AE-2006 standard recommends that the ICV element in a MACsec
frame should not exceed 16 octets: add MACSEC_STD_ICV_LEN in uapi
definitions accordingly, and avoid accepting configurations where the ICV
length exceeds the standard value. Leave definition of MACSEC_MAX_ICV_LEN
unchanged for backwards compatibility with userspace programs.
Fixes: dece8d2b78d1 ("uapi: add MACsec bits")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/macsec.c')
-rw-r--r-- | drivers/net/macsec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 0cbb935078da..18cfb46c5911 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -510,7 +510,7 @@ static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len) } #define MACSEC_NEEDED_HEADROOM (macsec_extra_len(true)) -#define MACSEC_NEEDED_TAILROOM MACSEC_MAX_ICV_LEN +#define MACSEC_NEEDED_TAILROOM MACSEC_STD_ICV_LEN static void macsec_fill_iv(unsigned char *iv, sci_t sci, u32 pn) { @@ -3217,7 +3217,7 @@ static int macsec_validate_attr(struct nlattr *tb[], struct nlattr *data[]) case MACSEC_DEFAULT_CIPHER_ID: case MACSEC_DEFAULT_CIPHER_ALT: if (icv_len < MACSEC_MIN_ICV_LEN || - icv_len > MACSEC_MAX_ICV_LEN) + icv_len > MACSEC_STD_ICV_LEN) return -EINVAL; break; default: |