Commit 2bb53e25 authored Oct 08, 2013 by Steffen Klassert

xfrm: check for a vaild skb in xfrm_policy_queue_process



We might dreference a NULL pointer if the hold_queue is empty,
so add a check to avoid this.

Bug was introduced with git commit a0073fe1 ("xfrm: Add a state
resolution packet queue")

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

parent e7d8f6cb

net/xfrm/xfrm_policy.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -1772,6 +1772,10 @@ static void xfrm_policy_queue_process(unsigned long arg)

		spin_lock(&pq->hold_queue.lock);
		skb = skb_peek(&pq->hold_queue);
		if (!skb) {
		spin_unlock(&pq->hold_queue.lock);
		goto out;
		}
		dst = skb_dst(skb);
		sk = skb->sk;
		xfrm_decode_session(skb, &fl, dst->ops->family);