Add check for the return value of pfkey_sadb2xfrm_user_sec_ctx()
in pfkey_compile_policy(), and set proper error flag.

Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
---
Changes in v2:
- Set error flag '*dir' properly.
- Hi, Steffen! I know that inside pfkey_sadb2xfrm_user_sec_ctx(), null
value check has been done. This patch does the null value check after
pfkey_sadb2xfrm_user_sec_ctx() being called in pfkey_compile_policy().
Also, set proper error flag if pfkey_sadb2xfrm_user_sec_ctx() returns
null. This patch code is similar to [1]. Thanks, Steffen!

[1]https://github.com/torvalds/linux/blob/master/net/key/af_key.c#L2404
---
 net/key/af_key.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/key/af_key.c b/net/key/af_key.c
index efc2a91f4c48..9cd14a31a427 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3335,6 +3335,11 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
 		if ((*dir = verify_sec_ctx_len(p)))
 			goto out;
 		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
+		if (!uctx) {
+			*dir = -ENOMEM;
+			goto out;
+		}
+
 		*dir = security_xfrm_policy_alloc(&xp->security, uctx, GFP_ATOMIC);
 		kfree(uctx);
 
-- 
2.25.1