Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzi...

[linux-2.6] / net / xfrm / xfrm_policy.c

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 1d66fb42c9cbe87f81b56fd5e5de06fbcd9c096e..b91b16671c1e78842f3e6b1496e0ef880c636a66 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1318,8 +1318,9 @@ restart:
 
        if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {
                policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
+               err = PTR_ERR(policy);
                if (IS_ERR(policy))
-                       return PTR_ERR(policy);
+                       goto dropdst;
        }
 
        if (!policy) {
@@ -1330,8 +1331,9 @@ restart:
 
                policy = flow_cache_lookup(fl, dst_orig->ops->family,
                                           dir, xfrm_policy_lookup);
+               err = PTR_ERR(policy);
                if (IS_ERR(policy))
-                       return PTR_ERR(policy);
+                       goto dropdst;
        }
 
        if (!policy)
@@ -1344,6 +1346,7 @@ restart:
        xfrm_nr += pols[0]->xfrm_nr;
 
        switch (policy->action) {
+       default:
        case XFRM_POLICY_BLOCK:
                /* Prohibit the flow */
                err = -EPERM;
@@ -1500,8 +1503,9 @@ restart:
        return 0;
 
 error:
-       dst_release(dst_orig);
        xfrm_pols_put(pols, npols);
+dropdst:
+       dst_release(dst_orig);
        *dst_p = NULL;
        return err;
 }
@@ -1941,7 +1945,7 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
                        return 0;
 
                if (strict && fl &&
-                   !(dst->xfrm->mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
+                   !(dst->xfrm->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
                    !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
                        return 0;