diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-07 08:08:37 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-07 08:08:37 +0100 |
commit | 70e90679ffce0937deb77e2bd8bd918a24a897fd (patch) | |
tree | 12950c5e0de1a0c86dd412474066cedef418b1c4 /net/key | |
parent | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 (diff) | |
download | linux-70e90679ffce0937deb77e2bd8bd918a24a897fd.tar.xz linux-70e90679ffce0937deb77e2bd8bd918a24a897fd.zip |
af_key: mark policy as dead before destroying
xfrm_policy_destroy() will oops if not dead policy is passed to it.
On error path in pfkey_compile_policy() exactly this happens.
Oopsable for CAP_NET_ADMIN owners.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key')
-rw-r--r-- | net/key/af_key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 3440a4637f01..5b22e011653b 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -3188,6 +3188,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, return xp; out: + xp->walk.dead = 1; xfrm_policy_destroy(xp); return NULL; } |