summaryrefslogtreecommitdiffstats
path: root/net/key/af_key.c
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-11-07 08:08:37 +0100
committerDavid S. Miller <davem@davemloft.net>2008-11-07 08:08:37 +0100
commit70e90679ffce0937deb77e2bd8bd918a24a897fd (patch)
tree12950c5e0de1a0c86dd412474066cedef418b1c4 /net/key/af_key.c
parentMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 (diff)
downloadlinux-70e90679ffce0937deb77e2bd8bd918a24a897fd.tar.xz
linux-70e90679ffce0937deb77e2bd8bd918a24a897fd.zip
af_key: mark policy as dead before destroying
xfrm_policy_destroy() will oops if not dead policy is passed to it. On error path in pfkey_compile_policy() exactly this happens. Oopsable for CAP_NET_ADMIN owners. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r--net/key/af_key.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 3440a4637f01..5b22e011653b 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3188,6 +3188,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
return xp;
out:
+ xp->walk.dead = 1;
xfrm_policy_destroy(xp);
return NULL;
}