[IPSEC]: Fix potential dst leak in xfrm_lookup

If we get an error during the actual policy lookup we don't free the original dst while the caller expects us to always free the original dst in case of error. This patch fixes that. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
git-mirror · Dec 11, 2007 · 75b8c13 · 75b8c13
1 parent 3f03e38
commit 75b8c13
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
@@ -1318,8 +1318,9 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 
 	if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
 		policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
+		err = PTR_ERR(policy);
 		if (IS_ERR(policy))
-			return PTR_ERR(policy);
+			goto dropdst;
 	}
 
 	if (!policy) {
@@ -1330,8 +1331,9 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 
 		policy = flow_cache_lookup(fl, dst_orig->ops->family,
 					   dir, xfrm_policy_lookup);
+		err = PTR_ERR(policy);
 		if (IS_ERR(policy))
-			return PTR_ERR(policy);
+			goto dropdst;
 	}
 
 	if (!policy)
@@ -1501,8 +1503,9 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
 	return 0;
 
 error:
-	dst_release(dst_orig);
 	xfrm_pols_put(pols, npols);
+dropdst:
+	dst_release(dst_orig);
 	*dst_p = NULL;
 	return err;
 }