Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
[IPSEC]: Fix potential dst leak in xfrm_lookup
If we get an error during the actual policy lookup we don't free the
original dst while the caller expects us to always free the original
dst in case of error.
This patch fixes that.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by Herbert Xu and committed by David S. Miller 75b8c133 3f03e387
+6
-3
net/xfrm/xfrm_policy.c
+6
-3
net/xfrm/xfrm_policy.c
···
1318
1319
if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
1320
policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
1321
if (IS_ERR(policy))
1322
-
return PTR_ERR(policy);
1323
}
1324
1325
if (!policy) {
···
1331
1332
policy = flow_cache_lookup(fl, dst_orig->ops->family,
1333
dir, xfrm_policy_lookup);
1334
if (IS_ERR(policy))
1335
-
return PTR_ERR(policy);
1336
}
1337
1338
if (!policy)
···
1503
return 0;
1504
1505
error:
1506
-
dst_release(dst_orig);
1507
xfrm_pols_put(pols, npols);
1508
*dst_p = NULL;
1509
return err;
1510
}
···
1318
1319
if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
1320
policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
1321
+
err = PTR_ERR(policy);
1322
if (IS_ERR(policy))
1323
+
goto dropdst;
1324
}
1325
1326
if (!policy) {
···
1330
1331
policy = flow_cache_lookup(fl, dst_orig->ops->family,
1332
dir, xfrm_policy_lookup);
1333
+
err = PTR_ERR(policy);
1334
if (IS_ERR(policy))
1335
+
goto dropdst;
1336
}
1337
1338
if (!policy)
···
1501
return 0;
1502
1503
error:
1504
xfrm_pols_put(pols, npols);
1505
+
dropdst:
1506
+
dst_release(dst_orig);
1507
*dst_p = NULL;
1508
return err;
1509
}