af_key: mark policy as dead before destroying
xfrm_policy_destroy() will oops if a policy that is not dead is passed to it.
On the error path in pfkey_compile_policy() exactly this happens.
Oopsable for CAP_NET_ADMIN owners.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 3440a46..5b22e01 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3188,6 +3188,7 @@
return xp;
out:
+ xp->walk.dead = 1;
xfrm_policy_destroy(xp);
return NULL;
}
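Review bot: the open-coded `xp->walk.dead = 1;` under `out:` has no comment saying why a policy that was never inserted must be flagged dead before `xfrm_policy_destroy(xp)`. A later cleanup could drop the line as a redundant store and bring the oops back. Please add a one-line comment stating that xfrm_policy_destroy() requires walk.dead to be set. Since the commit message says the destroy call oopses on any policy not marked dead, a small helper that sets the flag and then destroys would keep other error paths from repeating the omission. It is also worth checking, outside the lines shown here, that every jump to `out:` arrives with a valid `xp`, because the new store dereferences it just as the existing destroy call does.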