macsec: fix input range of 'icvlen' parameter

the maximum possible ICV length in a MACsec frame is 16 octects, not 32: fix get_icvlen() accordingly, so that a proper error message is displayed in case input 'icvlen' is greater than 16. Signed-off-by: Davide Caratti <dcaratti@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Acked-by: Sabrina Dubroca <sd@queasysnail.net>
author: Davide Caratti <dcaratti@redhat.com> 2016-09-09 16:02:22 +0200
committer: Stephen Hemminger <stephen@networkplumber.org> 2016-09-20 09:48:26 -0700
commit: f20f5f79909fdc6327fcd015a3850645a236729d (patch)
tree: 13841edf1b28c4e1307c30408b7840ee57f033ca /ip/ipmacsec.c
parent: e2cfe5501f99ed17e883a02c6fe81b7f9ab6f2d7 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index 2e670e9e..127fa1e3 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -152,9 +152,9 @@ static void get_icvlen(__u8 *icvlen, char *arg)
 	if (ret)
 		invarg("expected ICV length", arg);
 
-	if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_MAX_ICV_LEN)
+	if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN)
 		invarg("ICV length must be in the range {"
-		       STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_MAX_ICV_LEN)
+		       STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN)
 		       "}", arg);
 }
author	Davide Caratti <dcaratti@redhat.com>	2016-09-09 16:02:22 +0200
committer	Stephen Hemminger <stephen@networkplumber.org>	2016-09-20 09:48:26 -0700
commit	f20f5f79909fdc6327fcd015a3850645a236729d (patch)
tree	13841edf1b28c4e1307c30408b7840ee57f033ca /ip/ipmacsec.c
parent	e2cfe5501f99ed17e883a02c6fe81b7f9ab6f2d7 (diff)