pktgen: do not access flows[] beyond its length

[ Upstream commit 5b5f792a6a9a2f9ae812d151ed621f72e99b1725 ]

typo -- pkt_dev->nflows is for stats only, the number of concurrent
flows is stored in cflows.

Reported-By: Vladimir Ivashchenko <hazard@francoudi.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index a756847..86714d1 100644 (file)
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2449,7 +2449,7 @@ static inline void free_SAs(struct pktgen_dev *pkt_dev)
        if (pkt_dev->cflows) {
                /* let go of the SAs if we have them */
                int i = 0;
-               for (;  i < pkt_dev->nflows; i++){
+               for (;  i < pkt_dev->cflows; i++) {
                        struct xfrm_state *x = pkt_dev->flows[i].x;
                        if (x) {
                                xfrm_state_put(x);