CVS commit: src/sys/netipsec

Sun, 25 Feb 2018 22:35:47 -0800 

Module Name:    src
Committed By:   maxv
Date:           Mon Feb 26 06:34:39 UTC 2018

Modified Files:
        src/sys/netipsec: ipsec_output.c

Log Message:
Fix mbuf mistake: we are using ip6 before it is pulled up properly.


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.68 src/sys/netipsec/ipsec_output.c:1.69
--- src/sys/netipsec/ipsec_output.c:1.68	Wed Feb 21 17:04:52 2018
+++ src/sys/netipsec/ipsec_output.c	Mon Feb 26 06:34:39 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.68 2018/02/21 17:04:52 maxv Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.69 2018/02/26 06:34:39 maxv Exp $	*/
 
 /*
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.68 2018/02/21 17:04:52 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.69 2018/02/26 06:34:39 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -739,7 +739,13 @@ ipsec6_process_packet(struct mbuf *m, co
 	KASSERT(sav != NULL);
 	dst = &sav->sah->saidx.dst;
 
-	ip6 = mtod(m, struct ip6_hdr *); /* XXX */
+	if (m->m_len < sizeof(struct ip6_hdr)) {
+		if ((m = m_pullup(m,sizeof(struct ip6_hdr))) == NULL) {
+			error = ENOBUFS;
+			goto unrefsav;
+		}
+	}
+	ip6 = mtod(m, struct ip6_hdr *);
 
 	/* Do the appropriate encapsulation, if necessary */
 	if (isr->saidx.mode == IPSEC_MODE_TUNNEL || /* Tunnel requ'd */
@@ -749,21 +755,13 @@ ipsec6_process_packet(struct mbuf *m, co
 	     (!in6_sa_equal_addrwithscope(&dst->sin6, &ip6->ip6_dst)))) {
 		struct mbuf *mp;
 
-		/* Fix IPv6 header payload length. */
-		if (m->m_len < sizeof(struct ip6_hdr)) {
-			if ((m = m_pullup(m,sizeof(struct ip6_hdr))) == NULL) {
-				error = ENOBUFS;
-				goto unrefsav;
-			}
-		}
-
 		if (m->m_pkthdr.len - sizeof(*ip6) > IPV6_MAXPACKET) {
 			/* No jumbogram support. */
 			error = ENXIO;   /*XXX*/
 			goto unrefsav;
 		}
 
-		ip6 = mtod(m, struct ip6_hdr *);
+		/* Fix IPv6 header payload length. */
 		ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(*ip6));
 
 		/* Encapsulate the packet */

Reply via email to