diff options
| author |   millert <millert@openbsd.org> | 2003-04-02 20:09:26 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 2003-04-02 20:09:26 +0000 |
| commit | 90596d0e3c7df7a44cdb5b749b6db9c1c999bb02 (patch) | |
| tree | a658d7f6caeb4a7290823644fe5a31f758bb7e22 /sys/netinet/ip_ipcomp.c | |
| parent | strlcpy; millert ok (diff) | |
| download | wireguard-openbsd-90596d0e3c7df7a44cdb5b749b6db9c1c999bb02.tar.xz wireguard-openbsd-90596d0e3c7df7a44cdb5b749b6db9c1c999bb02.zip | |
o sanity check mbuf earlier.
o return errno, not NULL.
o add some missing error values
o proper crypto_freereq() in ip_ipcomp.c
From Patrick Latifi; OK angelos@
Diffstat (limited to 'sys/netinet/ip_ipcomp.c')
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 62 |
1 files changed, 34 insertions, 28 deletions
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index f3ce1e56988..9530b0efc0a 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.13 2003/03/31 20:52:06 millert Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.14 2003/04/02 20:09:26 millert Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -226,7 +226,16 @@ ipcomp_input_cb(op) tc = (struct tdb_crypto *) crp->crp_opaque; skip = tc->tc_skip; protoff = tc->tc_protoff; + m = (struct mbuf *) crp->crp_buf; + if (m == NULL) { + /* Shouldn't happen... */ + FREE(tc, M_XDATA); + crypto_freereq(crp); + ipcompstat.ipcomps_crypto++; + DPRINTF(("ipcomp_input_cb(): bogus returned buffer from crypto\n")); + return (EINVAL); + } s = spltdb(); @@ -250,9 +259,8 @@ ipcomp_input_cb(op) FREE(tc, M_XDATA); pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb); - splx(s); - m_freem(m); - return ENXIO; + error = ENXIO; + goto baddone; } /* Notify on soft expiration */ if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && @@ -279,34 +287,25 @@ ipcomp_input_cb(op) } FREE(tc, M_XDATA); - /* Shouldn't happen... */ - if (m == NULL) { - ipcompstat.ipcomps_crypto++; - DPRINTF(("ipcomp_input_cb(): bogus returned buffer from crypto\n")); - error = EINVAL; - goto baddone; - } - /* Release the crypto descriptors */ - crypto_freereq(crp); - /* Length of data after processing */ clen = crp->crp_olen; /* In case it's not done already, adjust the size of the mbuf chain */ m->m_pkthdr.len = clen + hlen + skip; - if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0) + if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0) { + error = ENOBUFS; goto baddone; + } /* Find the beginning of the IPCOMP header */ m1 = m_getptr(m, skip, &roff); if (m1 == NULL) { ipcompstat.ipcomps_hdrops++; - splx(s); DPRINTF(("ipcomp_input_cb(): bad mbuf chain, IPCA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi))); - m_freem(m); - return EINVAL; + error = EINVAL; + goto baddone; } /* Keep the next protocol field */ addr = (caddr_t) mtod(m, struct ip *) + skip; @@ -349,6 +348,9 @@ ipcomp_input_cb(op) m->m_pkthdr.len -= hlen; } + /* Release the crypto descriptors */ + crypto_freereq(crp); + /* Restore the Next Protocol field */ m_copyback(m, protoff, sizeof(u_int8_t), (u_int8_t *) & nproto); @@ -362,6 +364,7 @@ baddone: if (m) m_freem(m); + crypto_freereq(crp); return error; @@ -627,10 +630,20 @@ ipcomp_output_cb(cp) #endif tc = (struct tdb_crypto *) crp->crp_opaque; - m = (struct mbuf *) crp->crp_buf; skip = tc->tc_skip; rlen = crp->crp_ilen - skip; + m = (struct mbuf *) crp->crp_buf; + if (m == NULL) { + /* Shouldn't happen... */ + FREE(tc, M_XDATA); + crypto_freereq(crp); + ipcompstat.ipcomps_crypto++; + DPRINTF(("ipcomp_output_cb(): bogus returned buffer from " + "crypto\n")); + return (EINVAL); + } + s = spltdb(); tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto); @@ -638,6 +651,7 @@ ipcomp_output_cb(cp) FREE(tc, M_XDATA); ipcompstat.ipcomps_notdb++; DPRINTF(("ipcomp_output_cb(): TDB expired while in crypto\n")); + error = EPERM; goto baddone; } @@ -659,15 +673,6 @@ ipcomp_output_cb(cp) } FREE(tc, M_XDATA); - /* Shouldn't happen... */ - if (m == NULL) { - ipcompstat.ipcomps_crypto++; - DPRINTF(("ipcomp_output_cb(): bogus returned buffer from " - "crypto\n")); - error = EINVAL; - goto baddone; - } - /* Check sizes. */ if (rlen < crp->crp_olen) { /* Compression was useless, we have lost time. */ @@ -715,6 +720,7 @@ ipcomp_output_cb(cp) baddone: splx(s); + if (m) m_freem(m); |