af_key: pfkey_dump needs parameter validation

commit 37bd22420f856fcd976989f1d4f1f7ad28e1fcac upstream.

In pfkey_dump() dplen and splen can both be specified to access the
xfrm_address_t structure out of bounds in__xfrm_state_filter_match()
when it calls addr_match() with the indexes.  Return EINVAL if either
are out of range.

Signed-off-by: Mark Salyzyn <>
Cc: Steffen Klassert <>
Cc: Herbert Xu <>
Cc: "David S. Miller" <>
Cc: Jakub Kicinski <>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <>
Signed-off-by: Greg Kroah-Hartman <>

1 file changed