author Alexey Dobriyan <adobriyan@gmail.com> 2008-11-06 23:08:37 -0800
committer David S. Miller <davem@davemloft.net> 2008-11-06 23:08:37 -0800
commit 70e90679ffce0937deb77e2bd8bd918a24a897fd (patch)
tree 12950c5e0de1a0c86dd412474066cedef418b1c4
parent 4bab0ea1d42dd1927af9df6fbf0003fc00617c50 (diff)
af_key: mark policy as dead before destroying
xfrm_policy_destroy() will oops if not dead policy is passed to it. On error path in pfkey_compile_policy() exactly this happens.

Oopsable for CAP_NET_ADMIN owners.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- net/key/af_key.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 3440a4637f01..5b22e011653b 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3188,6 +3188,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
return xp;
out:
+ xp->walk.dead = 1;
xfrm_policy_destroy(xp);
return NULL;
}
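Review bot: the added `xp->walk.dead = 1;` under `out:` carries no comment explaining why a policy that is about to be freed has its dead flag set by hand, so a later cleanup could drop it as redundant and bring the oops back. A one-line comment stating that xfrm_policy_destroy() expects a policy already marked dead (as the commit message says) would document the requirement at the point of use. Open-coding the flag here also leaves every other error path that destroys a policy to remember the same step; a small helper that marks the policy dead and then destroys it would keep that in one place. Since the new line dereferences xp unconditionally, it is also worth confirming that every jump to `out:` is reached with xp allocated, which the visible context does not show.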