diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-07 02:08:37 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-07 02:08:37 -0500 |
commit | 70e90679ffce0937deb77e2bd8bd918a24a897fd (patch) | |
tree | 12950c5e0de1a0c86dd412474066cedef418b1c4 /net/key | |
parent | 4bab0ea1d42dd1927af9df6fbf0003fc00617c50 (diff) |
af_key: mark policy as dead before destroying
xfrm_policy_destroy() will oops if not dead policy is passed to it.
On error path in pfkey_compile_policy() exactly this happens.
Oopsable for CAP_NET_ADMIN owners.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key')
-rw-r--r-- | net/key/af_key.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 3440a4637f01..5b22e011653b 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -3188,6 +3188,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, | |||
3188 | return xp; | 3188 | return xp; |
3189 | 3189 | ||
3190 | out: | 3190 | out: |
3191 | xp->walk.dead = 1; | ||
3191 | xfrm_policy_destroy(xp); | 3192 | xfrm_policy_destroy(xp); |
3192 | return NULL; | 3193 | return NULL; |
3193 | } | 3194 | } |