macsec: check return value of skb_to_sgvec always
authorJason A. Donenfeld <Jason@zx2c4.com>
Sun, 4 Jun 2017 02:16:25 +0000 (04:16 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 13 Apr 2018 17:48:19 +0000 (19:48 +0200)
[ Upstream commit cda7ea6903502af34015000e16be290a79f07638 ]

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/net/macsec.c

index 2caac0c37059de5f146595f9f672910105744532..365a48cfcbbf03c1be7cacdfd73c739376871507 100644 (file)
@@ -742,7 +742,12 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
        macsec_fill_iv(iv, secy->sci, pn);
 
        sg_init_table(sg, ret);
-       skb_to_sgvec(skb, sg, 0, skb->len);
+       ret = skb_to_sgvec(skb, sg, 0, skb->len);
+       if (unlikely(ret < 0)) {
+               macsec_txsa_put(tx_sa);
+               kfree_skb(skb);
+               return ERR_PTR(ret);
+       }
 
        if (tx_sc->encrypt) {
                int len = skb->len - macsec_hdr_len(sci_present) -
@@ -949,7 +954,11 @@ static struct sk_buff *macsec_decrypt(struct sk_buff *skb,
        macsec_fill_iv(iv, sci, ntohl(hdr->packet_number));
 
        sg_init_table(sg, ret);
-       skb_to_sgvec(skb, sg, 0, skb->len);
+       ret = skb_to_sgvec(skb, sg, 0, skb->len);
+       if (unlikely(ret < 0)) {
+               kfree_skb(skb);
+               return ERR_PTR(ret);
+       }
 
        if (hdr->tci_an & MACSEC_TCI_E) {
                /* confidentiality: ethernet + macsec header