Module Name: src
Committed By: maxv
Date: Mon Feb 26 06:48:01 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Fix nonsensical checks, neither in6p nor request is allowed to be NULL,
and the former is already dereferenced in a kassert. This code should be
the same as ipsec4_set_policy.
To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 src/sys/netipsec/ipsec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.135 src/sys/netipsec/ipsec.c:1.136
--- src/sys/netipsec/ipsec.c:1.135 Mon Feb 26 06:17:01 2018
+++ src/sys/netipsec/ipsec.c Mon Feb 26 06:48:01 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.136 2018/02/26 06:48:01 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.136 2018/02/26 06:48:01 maxv Exp $");
/*
* IPsec controller part.
@@ -1511,11 +1511,10 @@ ipsec6_set_policy(struct in6pcb *in6p, i
struct secpolicy **policy;
KASSERT(!cpu_softintr_p());
+ KASSERT(in6p != NULL);
KASSERT(in6p_locked(in6p));
+ KASSERT(request != NULL);
- /* sanity check. */
- if (in6p == NULL || request == NULL)
- return EINVAL;
if (len < sizeof(*xpl))
return EINVAL;
xpl = (const struct sadb_x_policy *)request;
