Module Name: src Committed By: ozaki-r Date: Wed May 31 04:01:22 UTC 2017
Modified Files: src/sys/netipsec: key.c Log Message: Sanity-check and return on error early And delay initializing local variables until they're actually used. To generate a diff of this commit: cvs rdiff -u -r1.151 -r1.152 src/sys/netipsec/key.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/key.c diff -u src/sys/netipsec/key.c:1.151 src/sys/netipsec/key.c:1.152 --- src/sys/netipsec/key.c:1.151 Wed May 31 01:31:07 2017 +++ src/sys/netipsec/key.c Wed May 31 04:01:21 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.151 2017/05/31 01:31:07 ozaki-r Exp $ */ +/* $NetBSD: key.c,v 1.152 2017/05/31 04:01:21 ozaki-r Exp $ */ /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.151 2017/05/31 01:31:07 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.152 2017/05/31 04:01:21 ozaki-r Exp $"); /* * This code is referd to RFC 2367 @@ -1884,12 +1884,8 @@ key_spdadd(struct socket *so, struct mbu lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; } - src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); - dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; - key_init_spidx_bymsghdr(&spidx, mhp); - /* checking the direciton. */ switch (xpl0->sadb_x_policy_dir) { case IPSEC_DIR_INBOUND: @@ -1916,6 +1912,17 @@ key_spdadd(struct socket *so, struct mbu return key_senderror(so, m, EINVAL); } + src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC); + dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST); + + /* sanity check on addr pair */ + if (src->sa_family != dst->sa_family) + return key_senderror(so, m, EINVAL); + if (src->sa_len != dst->sa_len) + return key_senderror(so, m, EINVAL); + + key_init_spidx_bymsghdr(&spidx, mhp); + /* * checking there is SP already or not. * SPDUPDATE doesn't depend on whether there is a SP or not. 
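Review bot: The relocated pair check in key_spdadd (`src->sa_family != dst->sa_family`, `src->sa_len != dst->sa_len`) only proves that the two sockaddrs agree with each other. Nothing in this hunk shows that `sa_len` fits inside its address extension or matches what `sa_family` requires before `key_init_spidx_bymsghdr(&spidx, mhp)` uses them. Both pointers appear to come straight from the message passed in on the socket (`mhp`), so two equally wrong lengths would pass this test. The function begins and ends outside the hunk, so that validation may already happen earlier; if it does, I would record the precondition in the comment, e.g. `/* sanity check on addr pair; ext presence and sa_len bounds were validated before this point */`. If it does not, a per-family length check belongs here, ahead of the spidx initialisation.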
@@ -1951,17 +1958,6 @@ key_spdadd(struct socket *so, struct mbu } key_init_spidx_bymsghdr(&newsp->spidx, mhp); - - /* sanity check on addr pair */ - if (src->sa_family != dst->sa_family) { - kmem_free(newsp, sizeof(*newsp)); - return key_senderror(so, m, EINVAL); - } - if (src->sa_len != dst->sa_len) { - kmem_free(newsp, sizeof(*newsp)); - return key_senderror(so, m, EINVAL); - } - newsp->created = time_uptime; newsp->lastused = newsp->created; newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;