Commit 2a5cc53e authored Aug 31, 2017 by Steffen Klassert Committed by Dmitry Shmidt Feb 15, 2018

BACKPORT: xfrm: Fix return value check of copy_sec_ctx.



A recent commit added an output_mark. When copying
this output_mark, the return value of copy_sec_ctx
is overwitten without a check. Fix this by copying
the output_mark before the security context.

Fixes: 077fbac405bf ("net: xfrm: support setting an output mark.")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
(cherry picked from commit 8598112d04af21cf6c895670e72dcb8a9f58e74f)

Change-Id: I25e9ac6cf79dc8d0ee599bbd23e9d5b5f34a4284

parent d2c57b60

net/xfrm/xfrm_user.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -872,13 +872,13 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
		&x->replay);
		if (ret)
		goto out;
		if (x->security)
		ret = copy_sec_ctx(x->security, skb);
		if (x->props.output_mark) {
		ret = nla_put_u32(skb, XFRMA_OUTPUT_MARK, x->props.output_mark);
		if (ret)
		goto out;
		}
		if (x->security)
		ret = copy_sec_ctx(x->security, skb);
		out:
		return ret;
		}