ip/xfrm: Fix deleteall when having many policies installed

Fix "Policy buffer overflow" when trying to use deleteall with many
policies installed.

Signed-off-by: Alexander Heinlein <alexander.heinlein@secunet.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

ip/xfrm_policy.c

@@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who,
 	if (!xfrm_policy_filter_match(xpinfo, ptype))
 		return 0;
 
-	if (xb->offset > xb->size) {
+	if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size)
-		fprintf(stderr, "Policy buffer overflow\n");
+		return 0;
-		return -1;
-	}
 
 	new_n = (struct nlmsghdr *)(xb->buf + xb->offset);
 	new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid));