summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2024-08-30 16:39:10 +0200
committerSteffen Klassert <steffen.klassert@secunet.com>2024-09-09 15:30:05 +0200
commit6a13f5afd39d17320316dbb8dd533fe7c6a613e6 (patch)
tree81f2899111af9560bd5c82f628bda7caf6e38538
parent69716a3babe1165a9ab1b3770b55d303d5bb5fa3 (diff)
downloadlinux-6a13f5afd39d17320316dbb8dd533fe7c6a613e6.tar.gz
linux-6a13f5afd39d17320316dbb8dd533fe7c6a613e6.tar.bz2
linux-6a13f5afd39d17320316dbb8dd533fe7c6a613e6.zip
xfrm: policy: fix null dereference
Julian Wiedmann says: > + if (!xfrm_pol_hold_rcu(ret)) Coverity spotted that ^^^ needs a s/ret/pol fix-up: > CID 1599386: Null pointer dereferences (FORWARD_NULL) > Passing null pointer "ret" to "xfrm_pol_hold_rcu", which dereferences it. Ditch the bogus 'ret' variable. Fixes: 563d5ca93e88 ("xfrm: switch migrate to xfrm_policy_lookup_bytype") Reported-by: Julian Wiedmann <jwiedmann.dev@gmail.com> Closes: https://lore.kernel.org/netdev/06dc2499-c095-4bd4-aee3-a1d0e3ec87c4@gmail.com/ Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
-rw-r--r--net/xfrm/xfrm_policy.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 6336baa8a93c..31c14457fdaf 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -4429,7 +4429,7 @@ EXPORT_SYMBOL_GPL(xfrm_audit_policy_delete);
static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *sel,
u8 dir, u8 type, struct net *net, u32 if_id)
{
- struct xfrm_policy *pol, *ret = NULL;
+ struct xfrm_policy *pol;
struct flowi fl;
memset(&fl, 0, sizeof(fl));
@@ -4465,7 +4465,7 @@ static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *
if (IS_ERR_OR_NULL(pol))
goto out_unlock;
- if (!xfrm_pol_hold_rcu(ret))
+ if (!xfrm_pol_hold_rcu(pol))
pol = NULL;
out_unlock:
rcu_read_unlock();