    xfrm: Fix crash when the hold queue is used. · 8b2a6581
    Steffen Klassert authored
    [ Upstream commit 101dde42 ]
    
    The commits "xfrm: Move dst->path into struct xfrm_dst"
    and "net: Create and use new helper xfrm_dst_child()."
    changed xfrm bundle handling under the assumption
    that xdst->path and dst->child are not a NULL pointer
    only if dst->xfrm is not a NULL pointer. That is true
    with one exception. If the xfrm hold queue is used
    to wait until a SA is installed by the key manager,
    we create a dummy bundle without a valid dst->xfrm
    pointer. The current xfrm bundle handling crashes
    in that case. Fix this by extending the NULL check
    of dst->xfrm with a test of the DST_XFRM_QUEUE flag.
    
    Fixes: 0f6c480f ("xfrm: Move dst->path into struct xfrm_dst")
    Fixes: b92cf4aa ("net: Create and use new helper xfrm_dst_child().")
    Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
xfrm.h 56.5 KB
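
A reduced userspace model of the check the commit message describes, added here as an illustration; it is not the kernel's code. The struct layouts, the flag value, the fallback of returning the dst itself, and all helper names are assumptions of the model.

```c
#include <stddef.h>

/* Constructed flag value for this model; the kernel defines its own. */
#define DST_XFRM_QUEUE 0x0040

struct xfrm_state { int unused; };

/* Reduced stand-in for struct dst_entry: only the fields the check reads. */
struct dst_entry {
    struct xfrm_state *xfrm;   /* NULL on the hold-queue dummy bundle */
    unsigned short flags;
};

/* Reduced stand-in for struct xfrm_dst: the dst is the first member. */
struct xfrm_dst {
    struct dst_entry dst;
    struct dst_entry *path;
};

typedef int (*bundle_check)(const struct dst_entry *);

/* Check before the fix, per the commit message: dst->xfrm only. */
static int is_bundle_before(const struct dst_entry *dst)
{
    return dst->xfrm != NULL;
}

/* Check after the fix: dst->xfrm set, or DST_XFRM_QUEUE set. */
static int is_bundle_after(const struct dst_entry *dst)
{
    return dst->xfrm != NULL || (dst->flags & DST_XFRM_QUEUE) != 0;
}

/* Hypothetical helper: a bundle yields its path, anything else yields itself. */
static const struct dst_entry *model_path(const struct dst_entry *dst, bundle_check is_bundle)
{
    return is_bundle(dst) ? ((const struct xfrm_dst *)dst)->path : dst;
}

/* Build a hold-queue dummy bundle (no xfrm, flag set) and look up its path. */
static int queue_bundle_path_found(bundle_check is_bundle)
{
    struct dst_entry route = { NULL, 0 };
    struct xfrm_dst dummy = { { NULL, DST_XFRM_QUEUE }, &route };
    return model_path(&dummy.dst, is_bundle) == &route;
}

int main(void)
{
    return (!queue_bundle_path_found(is_bundle_before) &&
            queue_bundle_path_found(is_bundle_after)) ? 0 : 1;
}
```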