diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2017-08-31 10:37:00 +0200 |
---|---|---|
committer | Dmitry Shmidt <dimitrysh@google.com> | 2018-02-15 18:59:15 +0000 |
commit | 55a36659621564511040e8e27391219a9117565d (patch) | |
tree | 9889e28e94aafb832a45e61b1ad37b58e3806a88 | |
parent | 5e56f242721e98a18abc2436561a0e7ce44b4c85 (diff) |
BACKPORT: xfrm: Fix return value check of copy_sec_ctx.
commit 8598112d04af21cf6c895670e72dcb8a9f58e74f upstream.
A recent commit added an output_mark. When copying
this output_mark, the return value of copy_sec_ctx
is overwitten without a check. Fix this by copying
the output_mark before the security context.
Fixes: 077fbac405bf ("net: xfrm: support setting an output mark.")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Change-Id: I25e9ac6cf79dc8d0ee599bbd23e9d5b5f34a4284
Fixes: Change-Id: I76120fba036e21780ced31ad390faf491ea81e52
("BACKPORT: net: xfrm: support setting an output mark.")
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
-rw-r--r-- | net/xfrm/xfrm_user.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 8b71b09e5ab6..6905de41c5d4 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -868,13 +868,13 @@ static int copy_to_user_state_extra(struct xfrm_state *x, &x->replay); if (ret) goto out; - if (x->security) - ret = copy_sec_ctx(x->security, skb); if (x->props.output_mark) { ret = nla_put_u32(skb, XFRMA_OUTPUT_MARK, x->props.output_mark); if (ret) goto out; } + if (x->security) + ret = copy_sec_ctx(x->security, skb); out: return ret; } |