diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-04 05:16:23 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-04-13 20:52:22 +0300 |
commit | f0fcb83da112d3550931b4acb42c29db663e7302 (patch) | |
tree | d2526f676a95d5ebaff34993c29dd70a35f5d556 /net/ipv6/esp6.c | |
parent | ede3b044f109a6a4f9f7ac16da703a6eca002634 (diff) | |
download | linux-f0fcb83da112d3550931b4acb42c29db663e7302.tar.xz |
ipsec: check return value of skb_to_sgvec always
commit 3f29770723fe498a5c5f57c3a31a996ebdde03e1 upstream.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[nc: Adjust context due to lack of 000ae7b2690e2 and fca11ebde3f0]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/ipv6/esp6.c')
-rw-r--r-- | net/ipv6/esp6.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 83fc3a385a26..8871a98845c7 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -231,9 +231,11 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb) esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low); sg_init_table(sg, nfrags); - skb_to_sgvec(skb, sg, - esph->enc_data + crypto_aead_ivsize(aead) - skb->data, - clen + alen); + err = skb_to_sgvec(skb, sg, + esph->enc_data + crypto_aead_ivsize(aead) - skb->data, + clen + alen); + if (unlikely(err < 0)) + goto error; if ((x->props.flags & XFRM_STATE_ESN)) { sg_init_table(asg, 3); @@ -381,7 +383,9 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) iv = esph->enc_data; sg_init_table(sg, nfrags); - skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen); + ret = skb_to_sgvec(skb, sg, sizeof(*esph) + crypto_aead_ivsize(aead), elen); + if (unlikely(ret < 0)) + goto out; if ((x->props.flags & XFRM_STATE_ESN)) { sg_init_table(asg, 3); |