[IPSEC]: Fix potential dst leak in xfrm_lookup

If we get an error during the actual policy lookup we don't free the
original dst while the caller expects us to always free the original
dst in case of error.

This patch fixes that.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Herbert Xu and committed by David S. Miller 75b8c133 3f03e387

+6 -3
net/xfrm/xfrm_policy.c
··· 1318 1318 1319 1319 if (sk && sk->sk_policy[XFRM_POLICY_OUT]) { 1320 1320 policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); 1321 + err = PTR_ERR(policy); 1321 1322 if (IS_ERR(policy)) 1322 - return PTR_ERR(policy); 1323 + goto dropdst; 1323 1324 } 1324 1325 1325 1326 if (!policy) { ··· 1331 1330 1332 1331 policy = flow_cache_lookup(fl, dst_orig->ops->family, 1333 1332 dir, xfrm_policy_lookup); 1333 + err = PTR_ERR(policy); 1334 1334 if (IS_ERR(policy)) 1335 - return PTR_ERR(policy); 1335 + goto dropdst; 1336 1336 } 1337 1337 1338 1338 if (!policy) ··· 1503 1501 return 0; 1504 1502 1505 1503 error: 1506 - dst_release(dst_orig); 1507 1504 xfrm_pols_put(pols, npols); 1505 + dropdst: 1506 + dst_release(dst_orig); 1508 1507 *dst_p = NULL; 1509 1508 return err; 1510 1509 }
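Review bot: in the first hunk (the `sk->sk_policy[XFRM_POLICY_OUT]` branch), `err = PTR_ERR(policy);` runs before the `IS_ERR(policy)` test, so on the success path `err` is left holding a valid pointer converted to an integer. The same applies to the `flow_cache_lookup()` hunk. This is safe only if every later jump to `error:` or `dropdst:` assigns `err` first. Consider moving the assignment inside the `IS_ERR()` branch with braces, so `err` is written only when the lookup actually failed.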
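Review bot: in the last hunk, the two new `goto dropdst` sites skip `xfrm_pols_put(pols, npols)`, which is correct only if `pols`/`npols` hold no references yet when either lookup fails; worth confirming against the initialisation above the hunk. The fix also depends on label order, since `error:` must fall through into `dropdst:`. A short comment at `dropdst:` stating that `dst_orig` is always released on error (the contract the commit message describes) would help keep a later change from reintroducing a bare `return` on an error path.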