[10/10] netfilter: nf_nat: missing condition in nf_xfrm_me_harder()

Submitted by Pablo Neira on April 25, 2013, 12:22 a.m.

Details

Message ID 1366849341-10466-11-git-send-email-pablo@netfilter.org
State Accepted
Headers show

Commit Message

Pablo Neira April 25, 2013, 12:22 a.m.
From: Dan Carpenter <dan.carpenter@oracle.com>

This if statement was accidentally dropped in (aaa795a netfilter:
nat: propagate errors from xfrm_me_harder()) so now it returns
unconditionally.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_nat_core.c |    1 +
 1 file changed, 1 insertion(+)

Patch hide | download patch | download mbox

diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 346f871..cf1c731 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -90,6 +90,7 @@  int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
 	int err;
 
 	err = xfrm_decode_session(skb, &fl, family);
+	if (err < 0)
 		return err;
 
 	dst = skb_dst(skb);