xfrm: check bundle policy existance before dereferencing it

Fix the bundle validation code to not assume having a valid policy.
When we have multiple transformations for a xfrm policy, the bundle
instance will be a chain of bundles with only the first one having
the policy reference. When policy_genid is bumped it will expire the
first bundle in the chain which is equivalent of expiring the whole
chain.

Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Timo Teräs 2010-06-24 14:35:00 -07:00 committed by David S. Miller
parent 38000a94a9
commit b1312c89f0

View file

@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
return 0; return 0;
if (xdst->xfrm_genid != dst->xfrm->genid) if (xdst->xfrm_genid != dst->xfrm->genid)
return 0; return 0;
if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid)) if (xdst->num_pols > 0 &&
xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
return 0; return 0;
if (strict && fl && if (strict && fl &&