diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2018-05-31 09:45:18 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2018-05-31 09:53:04 +0200 |
commit | 38369f54d97dd7dc50c73a2797bfeb53c2e87d2d (patch) | |
tree | 10f9850a7f5f795165a4fd7d833261c0d8f8f7e3 /net/xfrm | |
parent | xfrm6: avoid potential infinite loop in _decode_session6() (diff) | |
download | linux-38369f54d97dd7dc50c73a2797bfeb53c2e87d2d.tar.xz linux-38369f54d97dd7dc50c73a2797bfeb53c2e87d2d.zip |
xfrm Fix potential error pointer dereference in xfrm_bundle_create.
We may derference an invalid pointer in the error path of
xfrm_bundle_create(). Fix this by returning this error
pointer directly instead of assigning it to xdst0.
Fixes: 45b018beddb6 ("ipsec: Create and use new helpers for dst child access.")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 40b54cc64243..5f48251c1319 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1658,7 +1658,6 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, trailer_len -= xdst_prev->u.dst.xfrm->props.trailer_len; } -out: return &xdst0->u.dst; put_states: @@ -1667,8 +1666,8 @@ put_states: free_dst: if (xdst0) dst_release_immediate(&xdst0->u.dst); - xdst0 = ERR_PTR(err); - goto out; + + return ERR_PTR(err); } static int xfrm_expand_policies(const struct flowi *fl, u16 family, |