xfrm_user: propagate sec ctx allocation errors
When we fail to attach the security context in xfrm_state_construct() we'll return 0 as error value which, in turn, will wrongly claim success to userland when, in fact, we won't be adding / updating the XFRM state. This is a regression introduced by commitfd21150a0f
("[XFRM] netlink: Inline attach_encap_tmpl(), attach_sec_ctx(), and attach_one_addr()"). Fix it by propagating the error returned by security_xfrm_state_alloc() in this case. Fixes:fd21150a0f
("[XFRM] netlink: Inline attach_encap_tmpl()...") Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
2c2c8e33e4
commit
2f30ea5090
1 changed files with 6 additions and 3 deletions
|
@ -581,9 +581,12 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
|
|||
if (err)
|
||||
goto error;
|
||||
|
||||
if (attrs[XFRMA_SEC_CTX] &&
|
||||
security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX])))
|
||||
if (attrs[XFRMA_SEC_CTX]) {
|
||||
err = security_xfrm_state_alloc(x,
|
||||
nla_data(attrs[XFRMA_SEC_CTX]));
|
||||
if (err)
|
||||
goto error;
|
||||
}
|
||||
|
||||
if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
|
||||
attrs[XFRMA_REPLAY_ESN_VAL])))
|
||||
|
|
Loading…
Reference in a new issue