[IPSEC]: Fix zero return value in xfrm_lookup on error

Further testing shows that my ICMP relookup patch can cause xfrm_lookup to return zero on error which isn't very nice since it leads to the caller dying on null pointer dereference. The bug is due to not setting err to ENOENT just before we leave xfrm_lookup in case of no policy. This patch moves the err setting to where it should be. Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N David S. Miller <davem@davemloft.net>

[IPSEC]: Fix zero return value in xfrm_lookup on error
Further testing shows that my ICMP relookup patch can cause xfrm_lookup to return zero on error which isn't very nice since it leads to the caller dying on null pointer dereference. The bug is due to not setting err to ENOENT just before we leave xfrm_lookup in case of no policy. This patch moves the err setting to where it should be. Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N David S. Miller <davem@davemloft.net>
aef21785 · Herbert Xu · David S. Miller · cf86314c · aef21785
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

net/xfrm/xfrm_policy.c net/xfrm/xfrm_policy.c +2 -2

未找到文件。
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1469,8 +1469,6 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 			goto dropdst;
 	}

-	err = -ENOENT;
-
 	if (!policy) {
 		/* To accelerate a bit...  */
 		if ((dst_orig->flags & DST_NOXFRM) ||
@@ -1492,6 +1490,7 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 	npols ++;
 	xfrm_nr += pols[0]->xfrm_nr;

+	err = -ENOENT;
 	if ((flags & XFRM_LOOKUP_ICMP) && !(policy->flags & XFRM_POLICY_ICMP))
 		goto error;

@@ -1657,6 +1656,7 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 	return err;

 nopol:
+	err = -ENOENT;
 	if (flags & XFRM_LOOKUP_ICMP)
 		goto dropdst;
 	return 0;