xfrm: fix sa selector validation

commit b8d6d0079757cbd1b69724cfd1c08e2171c68cee upstream.

After commit b38ff4075a80, the following command does not work anymore:
$ ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 34 reqid 1 \
  mode tunnel enc 'cbc(aes)' 0xb0abdba8b782ad9d364ec81e3a7d82a1 auth-trunc \
  'hmac(sha1)' 0xe26609ebd00acb6a4d51fca13e49ea78a72c73e6 96 flag align4

In fact, the selector is not mandatory, allow the user to provide an empty
selector.

Fixes: b38ff4075a80 ("xfrm: Fix xfrm sel prefix length validation")
CC: Anirudh Gupta <anirudh.gupta@sophos.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 94dfcfd019f8951502b50fc714bf7a6635529224..7cd22947bdb6173937c5e559b18838f5b3c6213f 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -165,6 +165,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *p,
        }
 
        switch (p->sel.family) {
+       case AF_UNSPEC:
+               break;
+
        case AF_INET:
                if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32)
                        goto out;