BACKPORT: xfrm: Fix return value check of copy_sec_ctx.

commit 8598112d04af21cf6c895670e72dcb8a9f58e74f upstream. A recent commit added an output_mark. When copying this output_mark, the return value of copy_sec_ctx is overwitten without a check. Fix this by copying the output_mark before the security context. Fixes: 077fbac405bf ("net: xfrm: support setting an output mark.") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Change-Id: I25e9ac6cf79dc8d0ee599bbd23e9d5b5f34a4284 Fixes: Change-Id: I76120fba036e21780ced31ad390faf491ea81e52 ("BACKPORT: net: xfrm: support setting an output mark.") Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
author: Steffen Klassert <steffen.klassert@secunet.com> 2017-08-31 10:37:00 +0200
committer: Dmitry Shmidt <dimitrysh@google.com> 2018-02-15 18:59:15 +0000
commit: 55a36659621564511040e8e27391219a9117565d (patch)
tree: 9889e28e94aafb832a45e61b1ad37b58e3806a88
parent: 5e56f242721e98a18abc2436561a0e7ce44b4c85 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8b71b09e5ab6..6905de41c5d4 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -868,13 +868,13 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
 			      &x->replay);
 	if (ret)
 		goto out;
-	if (x->security)
-		ret = copy_sec_ctx(x->security, skb);
 	if (x->props.output_mark) {
 		ret = nla_put_u32(skb, XFRMA_OUTPUT_MARK, x->props.output_mark);
 		if (ret)
 			goto out;
 	}
+	if (x->security)
+		ret = copy_sec_ctx(x->security, skb);
 out:
 	return ret;
 }
author	Steffen Klassert <steffen.klassert@secunet.com>	2017-08-31 10:37:00 +0200
committer	Dmitry Shmidt <dimitrysh@google.com>	2018-02-15 18:59:15 +0000
commit	55a36659621564511040e8e27391219a9117565d (patch)
tree	9889e28e94aafb832a45e61b1ad37b58e3806a88
parent	5e56f242721e98a18abc2436561a0e7ce44b4c85 (diff)