author | 2017-03-13 14:19:08 +0000 | |
---|---|---|
committer | 2017-03-13 14:19:08 +0000 | |
commit | b0d5ea1d585f37f3e881b850573b2f5100647aa9 (patch) | |
tree | 5175c7e8675aa07c044d4ca6c5198e12db2ecec9 | |
parent | for each sysctl name, attach the variable name as seen by sysctl(8); (diff) | |
download | wireguard-openbsd-b0d5ea1d585f37f3e881b850573b2f5100647aa9.tar.xz wireguard-openbsd-b0d5ea1d585f37f3e881b850573b2f5100647aa9.zip |
We need to call policy_ref() for policies that have refcounting
enabled. Refcounting is enabled when a policy is removed during
'ikectl reload' and still has SAs pointing to it. On IKESA rekeying
such a policy will be referenced by the new IKESA, so we need to
adjust the refcount -- otherwise the policies get free()d too
early and we will crash at some point.
ok markus@ mikeb@ reyk@
-rw-r--r-- | sbin/iked/policy.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index c9987f09e1f..e401f14817c 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.42 2016/06/01 11:16:41 patrick Exp $ */
+/* $OpenBSD: policy.c,v 1.43 2017/03/13 14:19:08 patrick Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -343,7 +343,15 @@ sa_new(struct iked *env, uint64_t ispi, uint64_t rspi,
 if (initiator && sa->sa_hdr.sh_rspi == 0 && rspi)
 sa->sa_hdr.sh_rspi = rspi;
- if (sa->sa_policy == NULL) {
+ if (pol == NULL && sa->sa_policy == NULL)
+ fatalx("%s: sa %p no policy", __func__, sa);
+ else if (sa->sa_policy == NULL) {
+ /* Increment refcount if the policy has refcounting enabled. */
+ if (pol->pol_flags & IKED_POLICY_REFCNT) {
+ log_info("%s: sa %p old pol %p pol_refcnt %d",
+ __func__, sa, pol, pol->pol_refcnt);
+ policy_ref(env, pol);
+ }
 sa->sa_policy = pol;
 TAILQ_INSERT_TAIL(&pol->pol_sapeers, sa, sa_peer_entry);
 } else |
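Review bot: The `log_info()` call inside the `IKED_POLICY_REFCNT` branch of the second hunk writes two raw heap pointers (`sa %p`, `pol %p`) to the log at info level whenever an SA attaches to a refcounted policy. It also prints `pol_refcnt` before `policy_ref()` runs, so the logged value is presumably one behind the count that results from this attach. As this is diagnostic output for a lifetime bug, `log_debug("%s: sa %p old pol %p pol_refcnt %d", __func__, sa, pol, pol->pol_refcnt);` would keep addresses out of routine logs. The reference is taken only when the flag is set at attach time, so the release path (not visible in this hunk) has to apply the same condition, otherwise the count can drift and the early free() described in the commit message could recur. The `if`/`else if`/`else` chain and the rest of `sa_new()` continue outside the hunk.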