Commit 17375fcb authored by Krishna Kumar's avatar Krishna Kumar Committed by David S. Miller

[AF_KEY]: In pfkey_get(), do not dereference xfrm_state after it is put.

parent 81187eb8
...@@ -1283,6 +1283,7 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h ...@@ -1283,6 +1283,7 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
{ {
__u8 proto;
struct sk_buff *out_skb; struct sk_buff *out_skb;
struct sadb_msg *out_hdr; struct sadb_msg *out_hdr;
struct xfrm_state *x; struct xfrm_state *x;
...@@ -1297,6 +1298,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, ...@@ -1297,6 +1298,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
return -ESRCH; return -ESRCH;
out_skb = pfkey_xfrm_state2msg(x, 1, 3); out_skb = pfkey_xfrm_state2msg(x, 1, 3);
proto = x->id.proto;
xfrm_state_put(x); xfrm_state_put(x);
if (IS_ERR(out_skb)) if (IS_ERR(out_skb))
return PTR_ERR(out_skb); return PTR_ERR(out_skb);
...@@ -1304,7 +1306,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, ...@@ -1304,7 +1306,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
out_hdr = (struct sadb_msg *) out_skb->data; out_hdr = (struct sadb_msg *) out_skb->data;
out_hdr->sadb_msg_version = hdr->sadb_msg_version; out_hdr->sadb_msg_version = hdr->sadb_msg_version;
out_hdr->sadb_msg_type = SADB_DUMP; out_hdr->sadb_msg_type = SADB_DUMP;
out_hdr->sadb_msg_satype = pfkey_proto2satype(x->id.proto); out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
out_hdr->sadb_msg_errno = 0; out_hdr->sadb_msg_errno = 0;
out_hdr->sadb_msg_reserved = 0; out_hdr->sadb_msg_reserved = 0;
out_hdr->sadb_msg_seq = hdr->sadb_msg_seq; out_hdr->sadb_msg_seq = hdr->sadb_msg_seq;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment