xfrm: check bundle policy existance before dereferencing it
Fix the bundle validation code to not assume having a valid policy. When we have multiple transformations for a xfrm policy, the bundle instance will be a chain of bundles with only the first one having the policy reference. When policy_genid is bumped it will expire the first bundle in the chain which is equivalent of expiring the whole chain. Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com> Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
38000a94a9
commit
b1312c89f0
1 changed files with 2 additions and 1 deletions
|
@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
|
||||||
return 0;
|
return 0;
|
||||||
if (xdst->xfrm_genid != dst->xfrm->genid)
|
if (xdst->xfrm_genid != dst->xfrm->genid)
|
||||||
return 0;
|
return 0;
|
||||||
if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
|
if (xdst->num_pols > 0 &&
|
||||||
|
xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (strict && fl &&
|
if (strict && fl &&
|
||||||
|
|
Loading…
Reference in a new issue