[IPSEC]: Fix zero return value in xfrm_lookup on error
Further testing shows that my ICMP relookup patch can cause xfrm_lookup to return zero on error which isn't very nice since it leads to the caller dying on null pointer dereference. The bug is due to not setting err to ENOENT just before we leave xfrm_lookup in case of no policy. This patch moves the err setting to where it should be. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
cf86314cb7
commit
aef2178599
1 changed files with 2 additions and 2 deletions
|
@ -1469,8 +1469,6 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
|
|||
goto dropdst;
|
||||
}
|
||||
|
||||
err = -ENOENT;
|
||||
|
||||
if (!policy) {
|
||||
/* To accelerate a bit... */
|
||||
if ((dst_orig->flags & DST_NOXFRM) ||
|
||||
|
@ -1492,6 +1490,7 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
|
|||
npols ++;
|
||||
xfrm_nr += pols[0]->xfrm_nr;
|
||||
|
||||
err = -ENOENT;
|
||||
if ((flags & XFRM_LOOKUP_ICMP) && !(policy->flags & XFRM_POLICY_ICMP))
|
||||
goto error;
|
||||
|
||||
|
@ -1657,6 +1656,7 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
|
|||
return err;
|
||||
|
||||
nopol:
|
||||
err = -ENOENT;
|
||||
if (flags & XFRM_LOOKUP_ICMP)
|
||||
goto dropdst;
|
||||
return 0;
|
||||
|
|
Loading…
Reference in a new issue