From: Herbert Xu Date: Tue, 11 Dec 2007 12:38:08 +0000 (-0800) Subject: [IPSEC]: Fix potential dst leak in xfrm_lookup X-Git-Tag: firefly_0821_release~24038 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=75b8c133267053c9986a7c8db5131f0e7349e806;p=firefly-linux-kernel-4.4.55.git [IPSEC]: Fix potential dst leak in xfrm_lookup If we get an error during the actual policy lookup we don't free the original dst while the caller expects us to always free the original dst in case of error. This patch fixes that. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 9a4cf2e45a15..b91b16671c1e 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1318,8 +1318,9 @@ restart: if (sk && sk->sk_policy[XFRM_POLICY_OUT]) { policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); + err = PTR_ERR(policy); if (IS_ERR(policy)) - return PTR_ERR(policy); + goto dropdst; } if (!policy) { @@ -1330,8 +1331,9 @@ restart: policy = flow_cache_lookup(fl, dst_orig->ops->family, dir, xfrm_policy_lookup); + err = PTR_ERR(policy); if (IS_ERR(policy)) - return PTR_ERR(policy); + goto dropdst; } if (!policy) @@ -1501,8 +1503,9 @@ restart: return 0; error: - dst_release(dst_orig); xfrm_pols_put(pols, npols); +dropdst: + dst_release(dst_orig); *dst_p = NULL; return err; }