From: Jesper Juhl <jesper.juhl@xxxxxxxxx>Arrgh, you are right. I really need to check call sites more carefully :(
Date: Mon, 27 Nov 2006 22:44:07 +0100
> In net/key/af_key.c::pfkey_send_policy_notify() there's a check at the
> beginning of the function :
>
> if (xp && xp->type != XFRM_POLICY_TYPE_MAIN)
>
> this implies that 'xp' may be null when the function is called. But later
> on in the function we have this code :
>
> return key_notify_policy(xp, dir, c);
>
> key_notify_policy() passes 'xp' to pfkey_xfrm_policy2msg_prep() that pass
> it on to pfkey_xfrm_policy2msg_size() which dereferences it.
> key_notify_policy() also passes 'xp' to pfkey_xfrm_policy2msg() which
> also dereferences it.
>
> So, in pfkey_send_policy_notify() in the cases where we end up calling
> key_notify_policy(), we should test 'xp' for NULL.
>
> (note: patch is compile tested only)
>
>
> Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
We really need to teach your automated tool about context.
The NULL case can only occur for XFRM_MSG_FLUSHPOLICY.
Look at the km_policy_notify() call sites. You can even see from the
net/xfrm/xfrm_user.c:xfrm_send_policy_notify() implementation of this
callback that for XFRM_MSG_FLUSHPOLICY the "xp" argument is ignored.