xfrm: Fix return value check of copy_sec_ctx.

A recent commit added an output_mark. When copying this output_mark, the return value of copy_sec_ctx is overwitten without a check. Fix this by copying the output_mark before the security context. Fixes: 077fbac405bf ("net: xfrm: support setting an output mark.") Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Steffen Klassert <steffen.klassert@secunet.com> 2017-08-31 10:37:00 +0200
committer: Steffen Klassert <steffen.klassert@secunet.com> 2017-08-31 10:37:00 +0200
commit: 8598112d04af21cf6c895670e72dcb8a9f58e74f (patch)
tree: c6b511f110886721df58d8c520fb813485caa24e
parent: 47ebcc0bb1d5eb7f1b1eeab675409ea7f67b4a5c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index cc3268d814b4..490132d6dc36 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -900,13 +900,13 @@ static int copy_to_user_state_extra(struct xfrm_state *x,
 		ret = copy_user_offload(&x->xso, skb);
 	if (ret)
 		goto out;
-	if (x->security)
-		ret = copy_sec_ctx(x->security, skb);
 	if (x->props.output_mark) {
 		ret = nla_put_u32(skb, XFRMA_OUTPUT_MARK, x->props.output_mark);
 		if (ret)
 			goto out;
 	}
+	if (x->security)
+		ret = copy_sec_ctx(x->security, skb);
 out:
 	return ret;
 }
author	Steffen Klassert <steffen.klassert@secunet.com>	2017-08-31 10:37:00 +0200
committer	Steffen Klassert <steffen.klassert@secunet.com>	2017-08-31 10:37:00 +0200
commit	8598112d04af21cf6c895670e72dcb8a9f58e74f (patch)
tree	c6b511f110886721df58d8c520fb813485caa24e
parent	47ebcc0bb1d5eb7f1b1eeab675409ea7f67b4a5c (diff)