xfrm: fix refcount leak in __xfrm_policy_check() - kernel/linux.git

diff options

author	Xin Xiong <xiongx18@fudan.edu.cn>	2022-07-24 12:55:58 +0300
committer	Steffen Klassert <steffen.klassert@secunet.com>	2022-07-27 00:08:24 +0300
commit	9c9cb23e00ddf45679b21b4dacc11d1ae7961ebe (patch)
tree	465e49197666e7be63090845a56c00cc4f05b722 /net/xfrm/xfrm_device.c
parent	9b134b1694ec8926926ba6b7b80884ea829245a0 (diff)
download	linux-9c9cb23e00ddf45679b21b4dacc11d1ae7961ebe.tar.xz

xfrm: fix refcount leak in __xfrm_policy_check()

The issue happens on an error path in __xfrm_policy_check(). When the fetching process of the object `pols[1]` fails, the function simply returns 0, forgetting to decrement the reference count of `pols[0]`, which is incremented earlier by either xfrm_sk_policy_lookup() or xfrm_policy_lookup(). This may result in memory leaks. Fix it by decreasing the reference count of `pols[0]` in that path. Fixes: 134b0fc544ba ("IPsec: propagate security module errors up from flow_cache_lookup") Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Diffstat (limited to 'net/xfrm/xfrm_device.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: