[IPSEC]: xfrm_policy delete security check misplaced
index 956cfe0ff7f82b91067fae393ae9085538ad5972..30c244bbd8ac65d1251362d375898e2a04b36d41 100644 (file)
@@ -1254,7 +1254,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                return err;
 
        if (p->index)
-               xp = xfrm_policy_byid(type, p->dir, p->index, delete);
+               xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
        else {
                struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
                struct xfrm_policy tmp;
@@ -1270,7 +1270,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
                                return err;
                }
-               xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
+               xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+                                          delete, &err);
                security_xfrm_policy_free(&tmp);
        }
        if (xp == NULL)
@@ -1288,8 +1289,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                                              MSG_DONTWAIT);
                }
        } else {
-               err = security_xfrm_policy_delete(xp);
-
                xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
                               AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
 
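Review bot: The audit call at the top of this hunk still judges the delete by `err ? 0 : 1`, yet the only assignment to err in the branch has just been removed, so the value is whatever the policy lookup wrote through the new `&err` argument in the hunks at 1254 and 1270; that lookup presumably overwrites the err left by security_xfrm_policy_alloc just before it, but nothing at the call site says so. A comment above the audit call would pin the dependency: `/* err: outcome of the delete-time security check performed under the policy lock inside the lookup */`. The body of xfrm_get_policy continues outside this hunk in both directions.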
@@ -1303,9 +1302,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                km_policy_notify(xp, p->dir, &c);
        }
 
-       xfrm_pol_put(xp);
-
 out:
+       xfrm_pol_put(xp);
        return err;
 }
 
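Review bot: Moving `xfrm_pol_put(xp)` under the `out:` label makes every path that reaches the label responsible for holding a policy reference; the `if (xp == NULL)` test in the hunk at 1270 must therefore keep returning directly (its return statement is outside this view), and any later `goto out` added before the lookup would pass NULL to xfrm_pol_put. Suggest making the contract explicit on the label: `out:	/* xp is non-NULL here: a failed lookup returns before any goto out */`. The start of xfrm_get_policy lies outside the hunk.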
@@ -1502,7 +1500,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
                return err;
 
        if (p->index)
-               xp = xfrm_policy_byid(type, p->dir, p->index, 0);
+               xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
        else {
                struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
                struct xfrm_policy tmp;
@@ -1518,13 +1516,14 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
                                return err;
                }
-               xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0);
+               xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+                                          0, &err);
                security_xfrm_policy_free(&tmp);
        }
 
        if (xp == NULL)
-               return err;
-                                                                                       read_lock(&xp->lock);
+               return -ENOENT;
+       read_lock(&xp->lock);
        if (xp->dead) {
                read_unlock(&xp->lock);
                goto out;
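Review bot: The new `return -ENOENT` on the `xp == NULL` path discards whatever the lookup wrote through `&err`; the old `return err` handed back the verify_policy_info result, i.e. 0, so a missing policy was reported as success, which this change fixes, but if xfrm_policy_byid or xfrm_policy_bysel_ctx (not in this diff) can also return NULL with a non-zero err, that reason is now lost. If the helpers set err to 0 on a plain miss, `return err ? err : -ENOENT;` keeps both cases; otherwise a comment noting that err is unused here because `delete` is 0 and no security check runs would settle the question for the next reader. xfrm_add_pol_expire continues past the hunk.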