From: Wei Yongjun <weiyongjun1@huawei.com>
Date: Sat, 27 Oct 2018 06:12:06 +0000 (+0000)
Subject: xfrm: Fix error return code in xfrm_output_one()
X-Git-Tag: Ubuntu-4.15.0-61.68~3927
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=9d076a271f941fc3f91d8804a69f10f631948fd8;p=mirror_ubuntu-bionic-kernel.git

xfrm: Fix error return code in xfrm_output_one()

BugLink: https://bugs.launchpad.net/bugs/1837477

[ Upstream commit 533555e5cbb6aa2d77598917871ae5b579fe724b ]

xfrm_output_one() does not return a error code when there is
no dst_entry attached to the skb, it is still possible crash
with a NULL pointer dereference in xfrm_output_resume(). Fix
it by return error code -EHOSTUNREACH.

Fixes: 9e1437937807 ("xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
---

diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index c47660fba498..b226b230e8bf 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -103,6 +103,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
 		skb_dst_force(skb);
 		if (!skb_dst(skb)) {
 			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTERROR);
+			err = -EHOSTUNREACH;
 			goto error_nolock;
 		}