Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3f297707 authored by Jason A. Donenfeld's avatar Jason A. Donenfeld Committed by David S. Miller
Browse files

ipsec: check return value of skb_to_sgvec always 



Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 48a1df65

net/ipv4/ah4.c

+6 −2
Original line number Diff line number Diff line
@@ -220,7 +220,9 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb) 
	ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);



	sg_init_table(sg, nfrags + sglists);

	skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	if (unlikely(err < 0))

		goto out_free;



	if (x->props.flags & XFRM_STATE_ESN) {

		/* Attach seqhi sg right after packet payload */
@@ -393,7 +395,9 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb) 
	skb_push(skb, ihl);



	sg_init_table(sg, nfrags + sglists);

	skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	if (unlikely(err < 0))

		goto out_free;



	if (x->props.flags & XFRM_STATE_ESN) {

		/* Attach seqhi sg right after packet payload */

net/ipv4/esp4.c

+13 −7
Original line number Diff line number Diff line
@@ -377,9 +377,11 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * 
	esp->esph = esph;



	sg_init_table(sg, esp->nfrags);

	skb_to_sgvec(skb, sg,

	err = skb_to_sgvec(skb, sg,

		           (unsigned char *)esph - skb->data,

		           assoclen + ivlen + esp->clen + alen);

	if (unlikely(err < 0))

		goto error;



	if (!esp->inplace) {

		int allocsize;
@@ -403,9 +405,11 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info * 
		spin_unlock_bh(&x->lock);



		sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);

		skb_to_sgvec(skb, dsg,

		err = skb_to_sgvec(skb, dsg,

			           (unsigned char *)esph - skb->data,

			           assoclen + ivlen + esp->clen + alen);

		if (unlikely(err < 0))

			goto error;

	}



	if ((x->props.flags & XFRM_STATE_ESN))
@@ -690,7 +694,9 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) 
	esp_input_set_header(skb, seqhi);



	sg_init_table(sg, nfrags);

	skb_to_sgvec(skb, sg, 0, skb->len);

	err = skb_to_sgvec(skb, sg, 0, skb->len);

	if (unlikely(err < 0))

		goto out;



	skb->ip_summed = CHECKSUM_NONE;

net/ipv6/ah6.c

+6 −2
Original line number Diff line number Diff line
@@ -423,7 +423,9 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb) 
	ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);



	sg_init_table(sg, nfrags + sglists);

	skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	if (unlikely(err < 0))

		goto out_free;



	if (x->props.flags & XFRM_STATE_ESN) {

		/* Attach seqhi sg right after packet payload */
@@ -606,7 +608,9 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) 
	ip6h->hop_limit   = 0;



	sg_init_table(sg, nfrags + sglists);

	skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);

	if (unlikely(err < 0))

		goto out_free;



	if (x->props.flags & XFRM_STATE_ESN) {

		/* Attach seqhi sg right after packet payload */

net/ipv6/esp6.c

+13 −7
Original line number Diff line number Diff line
@@ -346,9 +346,11 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info 
	esph = esp_output_set_esn(skb, x, ip_esp_hdr(skb), seqhi);



	sg_init_table(sg, esp->nfrags);

	skb_to_sgvec(skb, sg,

	err = skb_to_sgvec(skb, sg,

		           (unsigned char *)esph - skb->data,

		           assoclen + ivlen + esp->clen + alen);

	if (unlikely(err < 0))

		goto error;



	if (!esp->inplace) {

		int allocsize;
@@ -372,9 +374,11 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info 
		spin_unlock_bh(&x->lock);



		sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);

		skb_to_sgvec(skb, dsg,

		err = skb_to_sgvec(skb, dsg,

			           (unsigned char *)esph - skb->data,

			           assoclen + ivlen + esp->clen + alen);

		if (unlikely(err < 0))

			goto error;

	}



	if ((x->props.flags & XFRM_STATE_ESN))
@@ -618,7 +622,9 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) 
	esp_input_set_header(skb, seqhi);



	sg_init_table(sg, nfrags);

	skb_to_sgvec(skb, sg, 0, skb->len);

	ret = skb_to_sgvec(skb, sg, 0, skb->len);

	if (unlikely(ret < 0))

		goto out;



	skb->ip_summed = CHECKSUM_NONE;