authorFiro Yang <fyang@suse.com>2019-08-16 11:05:25 +0200
committerFiro Yang <fyang@suse.com>2019-08-16 11:05:37 +0200
commitc52202bac0c4f02cce9f5cc729b63ad3b5c4dfae (patch)
treed0ad7377678f2e5aab0f87a59d7cebf06c21035e
parent6524e96510a70b1cca634c1cd69fbc095bf64030 (diff)
xfrm: Fix NULL pointer dereference in xfrm_input when
skb_dst_force clears the dst_entry (bsc#1143300). suse-commit: 8597a81b058572a7414ed5cf8f318e13023a6662
-rw-r--r--net/xfrm/xfrm_input.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index d212a0308f33..291f72ebd49c 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -329,6 +329,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
skb->sp->xvec[skb->sp->len++] = x;
+ skb_dst_force(skb);
+ if (!skb_dst(skb)) {
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);
+ goto drop;
+ }
+
lock:
spin_lock(&x->lock);
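Review bot: The new `skb_dst_force(skb)` and NULL check sit above the `lock:` label, while the call they replace (removed in the second hunk) sat below it, so any path that enters through `goto lock` now reaches `dev_hold(skb->dev)` and the rest of input processing without the dst ever being forced. The jump sites are outside this hunk, so it is not visible whether those paths can still finish asynchronously or otherwise depend on a held dst; that should be confirmed before merging. If they are safe, a comment above the added call would record the reasoning, for example `/* skb_dst_force() can leave the skb without a dst; drop here rather than dereference NULL later. Entries via 'lock' skip this and must not need a forced dst. */`. The body of xfrm_input() starts before and continues past this hunk, so the `drop` label's cleanup of the state just stored in `skb->sp->xvec` could not be checked here either.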
@@ -368,7 +374,6 @@ lock:
XFRM_SKB_CB(skb)->seq.input.low = seq;
XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
- skb_dst_force(skb);
dev_hold(skb->dev);
if (crypto_done)