af_key: mark policy as dead before destroying

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

xfrm_policy_destroy() will oops if not dead policy is passed to it.
On error path in pfkey_compile_policy() exactly this happens.

Oopsable for CAP_NET_ADMIN owners.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Alexey Dobriyan and committed by

David S. Miller 17 years ago 70e90679 4bab0ea1

1 changed file

expand all

net

key

af_key.c

net/key/af_key.c

··· 3188 3188 return xp; 3189 3189 3190 3190 out: 3191 + xp->walk.dead = 1; 3191 3192 xfrm_policy_destroy(xp); 3192 3193 return NULL; 3193 3194 }