xfrm: Fix infinite loop in xfrm_get_dst_nexthop with transport mode.
authorSteffen Klassert <steffen.klassert@secunet.com>
Mon, 19 Feb 2018 06:44:07 +0000 (07:44 +0100)
committerSteffen Klassert <steffen.klassert@secunet.com>
Tue, 20 Feb 2018 07:38:57 +0000 (08:38 +0100)
commit013cb81e89f8a70deef086ca29a923faf5585ab0
treea464f9903eef9b342c093857b655e0df297ef08c
parent143a4454daaf0e80a2b9f37159a0d6d2b61e64ed
xfrm: Fix infinite loop in xfrm_get_dst_nexthop with transport mode.

On transport mode we forget to fetch the child dst_entry
before we continue the while loop, this leads to an infinite
loop. Fix this by fetching the child dst_entry before we
continue the while loop.

Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
Reported-by: syzbot+7d03c810e50aaedef98a@syzkaller.appspotmail.com
Tested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/xfrm/xfrm_policy.c