Patchwork [10/10] netfilter: nf_nat: missing condition in nf_xfrm_me_harder()

login
register
mail settings
Submitter Pablo Neira
Date April 25, 2013, 12:22 a.m.
Message ID <1366849341-10466-11-git-send-email-pablo@netfilter.org>
Download mbox | patch
Permalink /patch/239349/
State Accepted
Headers show

Comments

Pablo Neira - April 25, 2013, 12:22 a.m.
From: Dan Carpenter <dan.carpenter@oracle.com>

This if statement was accidentally dropped in (aaa795a netfilter:
nat: propagate errors from xfrm_me_harder()) so now it returns
unconditionally.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_nat_core.c |    1 +
 1 file changed, 1 insertion(+)

Patch

diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 346f871..cf1c731 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -90,6 +90,7 @@  int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
 	int err;
 
 	err = xfrm_decode_session(skb, &fl, family);
+	if (err < 0)
 		return err;
 
 	dst = skb_dst(skb);