summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-12-13 09:30:59 -0800
committerDavid S. Miller <davem@davemloft.net>2008-01-28 14:57:54 -0800
commitaef21785995778f710a60b563e03bf53ba455a47 (patch)
tree5deeca8578e5b8d0198144b9dc2b281f8789a3df
parentcf86314cb7460423b0b7e611edad80a52dc90d10 (diff)
[IPSEC]: Fix zero return value in xfrm_lookup on error
Further testing shows that my ICMP relookup patch can cause xfrm_lookup to return zero on error which isn't very nice since it leads to the caller dying on null pointer dereference. The bug is due to not setting err to ENOENT just before we leave xfrm_lookup in case of no policy. This patch moves the err setting to where it should be. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/xfrm/xfrm_policy.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index a83b5e1349e..8023a3c0dad 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1469,8 +1469,6 @@ restart:
goto dropdst;
}
- err = -ENOENT;
-
if (!policy) {
/* To accelerate a bit... */
if ((dst_orig->flags & DST_NOXFRM) ||
@@ -1492,6 +1490,7 @@ restart:
npols ++;
xfrm_nr += pols[0]->xfrm_nr;
+ err = -ENOENT;
if ((flags & XFRM_LOOKUP_ICMP) && !(policy->flags & XFRM_POLICY_ICMP))
goto error;
@@ -1657,6 +1656,7 @@ dropdst:
return err;
nopol:
+ err = -ENOENT;
if (flags & XFRM_LOOKUP_ICMP)
goto dropdst;
return 0;