af_key: mark policy as dead before destroying

xfrm_policy_destroy() will oops if not dead policy is passed to it. On error path in pfkey_compile_policy() exactly this happens. Oopsable for CAP_NET_ADMIN owners. Signed-off-by: N Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

af_key: mark policy as dead before destroying
xfrm_policy_destroy() will oops if not dead policy is passed to it. On error path in pfkey_compile_policy() exactly this happens. Oopsable for CAP_NET_ADMIN owners. Signed-off-by: N Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
70e90679 · Alexey Dobriyan · David S. Miller · 4bab0ea1 · 70e90679
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

net/key/af_key.c net/key/af_key.c +1 -0

未找到文件。
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3188,6 +3188,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
 	return xp;
 out:
+	xp->walk.dead = 1;
 	xfrm_policy_destroy(xp);
 	return NULL;
 }