Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d05ea3d4 authored by Steffen Klassert's avatar Steffen Klassert Committed by Greg Kroah-Hartman
Browse files

xfrm: Fix error reporting in xfrm_state_construct. 



[ Upstream commit 6fd06963fa74197103cdbb4b494763127b3f2f34 ]

When memory allocation for XFRMA_ENCAP or XFRMA_COADDR fails,
the error will not be reported because the -ENOMEM assignment
to the err variable is overwritten before. Fix this by moving
these two in front of the function so that memory allocation
failures will be reported.

Reported-by: default avatarTobias Brunner <tobias@strongswan.org>
Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 08feb4b0

net/xfrm/xfrm_user.c

+14 −14
Original line number Diff line number Diff line
@@ -566,6 +566,20 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, 


	copy_from_user_state(x, p);



	if (attrs[XFRMA_ENCAP]) {

		x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),

				   sizeof(*x->encap), GFP_KERNEL);

		if (x->encap == NULL)

			goto error;

	}



	if (attrs[XFRMA_COADDR]) {

		x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]),

				    sizeof(*x->coaddr), GFP_KERNEL);

		if (x->coaddr == NULL)

			goto error;

	}



	if (attrs[XFRMA_SA_EXTRA_FLAGS])

		x->props.extra_flags = nla_get_u32(attrs[XFRMA_SA_EXTRA_FLAGS]);
@@ -586,23 +600,9 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, 
				   attrs[XFRMA_ALG_COMP])))

		goto error;



	if (attrs[XFRMA_ENCAP]) {

		x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),

				   sizeof(*x->encap), GFP_KERNEL);

		if (x->encap == NULL)

			goto error;

	}



	if (attrs[XFRMA_TFCPAD])

		x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]);



	if (attrs[XFRMA_COADDR]) {

		x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]),

				    sizeof(*x->coaddr), GFP_KERNEL);

		if (x->coaddr == NULL)

			goto error;

	}



	xfrm_mark_get(attrs, &x->mark);



	err = __xfrm_init_state(x, false);