Module Name: src
Committed By: ozaki-r
Date: Tue Oct 17 07:13:19 UTC 2017
Modified Files:
src/usr.sbin/inetd: inetd.c
Log Message:
Don't setup SPs if no policy sepecifier is specified
We expect that SPs are set up iff some policy sepecifier(s) are specified.
Found on investigating an issue reported by Robert Swindells
To generate a diff of this commit:
cvs rdiff -u -r1.123 -r1.124 src/usr.sbin/inetd/inetd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/inetd/inetd.c
diff -u src/usr.sbin/inetd/inetd.c:1.123 src/usr.sbin/inetd/inetd.c:1.124
--- src/usr.sbin/inetd/inetd.c:1.123 Wed Feb 15 02:48:31 2017
+++ src/usr.sbin/inetd/inetd.c Tue Oct 17 07:13:19 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: inetd.c,v 1.123 2017/02/15 02:48:31 elric Exp $ */
+/* $NetBSD: inetd.c,v 1.124 2017/10/17 07:13:19 ozaki-r Exp $ */
/*-
* Copyright (c) 1998, 2003 The NetBSD Foundation, Inc.
@@ -66,7 +66,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 19
#if 0
static char sccsid[] = "@(#)inetd.c 8.4 (Berkeley) 4/13/94";
#else
-__RCSID("$NetBSD: inetd.c,v 1.123 2017/02/15 02:48:31 elric Exp $");
+__RCSID("$NetBSD: inetd.c,v 1.124 2017/10/17 07:13:19 ozaki-r Exp $");
#endif
#endif /* not lint */
@@ -1088,13 +1088,16 @@ setsockopt(fd, SOL_SOCKET, opt, &on, (so
}
#endif
#ifdef IPSEC
- if (ipsecsetup(sep->se_family, sep->se_fd, sep->se_policy) < 0 &&
- sep->se_policy) {
- syslog(LOG_ERR, "%s/%s: ipsec setup failed",
- sep->se_service, sep->se_proto);
- (void)close(sep->se_fd);
- sep->se_fd = -1;
- return;
+ /* Avoid setting a policy if a policy specifier doesn't exist. */
+ if (sep->se_policy != NULL) {
+ int e = ipsecsetup(sep->se_family, sep->se_fd, sep->se_policy);
+ if (e < 0) {
+ syslog(LOG_ERR, "%s/%s: ipsec setup failed",
+ sep->se_service, sep->se_proto);
+ (void)close(sep->se_fd);
+ sep->se_fd = -1;
+ return;
+ }
}
#endif
