| From foo@baz Mon Apr 9 17:09:24 CEST 2018 |
| From: "Jason A. Donenfeld" <Jason@zx2c4.com> |
| Date: Sun, 4 Jun 2017 04:16:25 +0200 |
| Subject: macsec: check return value of skb_to_sgvec always |
| |
| From: "Jason A. Donenfeld" <Jason@zx2c4.com> |
| |
| |
| [ Upstream commit cda7ea6903502af34015000e16be290a79f07638 ] |
| |
| Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> |
| Cc: Sabrina Dubroca <sd@queasysnail.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| drivers/net/macsec.c | 13 +++++++++++-- |
| 1 file changed, 11 insertions(+), 2 deletions(-) |
| |
| --- a/drivers/net/macsec.c |
| +++ b/drivers/net/macsec.c |
| @@ -742,7 +742,12 @@ static struct sk_buff *macsec_encrypt(st |
| macsec_fill_iv(iv, secy->sci, pn); |
| |
| sg_init_table(sg, ret); |
| - skb_to_sgvec(skb, sg, 0, skb->len); |
| + ret = skb_to_sgvec(skb, sg, 0, skb->len); |
| + if (unlikely(ret < 0)) { |
| + macsec_txsa_put(tx_sa); |
| + kfree_skb(skb); |
| + return ERR_PTR(ret); |
| + } |
| |
| if (tx_sc->encrypt) { |
| int len = skb->len - macsec_hdr_len(sci_present) - |
| @@ -949,7 +954,11 @@ static struct sk_buff *macsec_decrypt(st |
| macsec_fill_iv(iv, sci, ntohl(hdr->packet_number)); |
| |
| sg_init_table(sg, ret); |
| - skb_to_sgvec(skb, sg, 0, skb->len); |
| + ret = skb_to_sgvec(skb, sg, 0, skb->len); |
| + if (unlikely(ret < 0)) { |
| + kfree_skb(skb); |
| + return ERR_PTR(ret); |
| + } |
| |
| if (hdr->tci_an & MACSEC_TCI_E) { |
| /* confidentiality: ethernet + macsec header |