Module Name: src Committed By: maxv Date: Mon Feb 26 06:48:01 UTC 2018
Modified Files: src/sys/netipsec: ipsec.c Log Message: Fix nonsensical checks, neither in6p nor request is allowed to be NULL, and the former is already dereferenced in a kassert. This code should be the same as ipsec4_set_policy. To generate a diff of this commit: cvs rdiff -u -r1.135 -r1.136 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec.c diff -u src/sys/netipsec/ipsec.c:1.135 src/sys/netipsec/ipsec.c:1.136 --- src/sys/netipsec/ipsec.c:1.135 Mon Feb 26 06:17:01 2018 +++ src/sys/netipsec/ipsec.c Mon Feb 26 06:48:01 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $ */ +/* $NetBSD: ipsec.c,v 1.136 2018/02/26 06:48:01 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.135 2018/02/26 06:17:01 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.136 2018/02/26 06:48:01 maxv Exp $"); /* * IPsec controller part. @@ -1511,11 +1511,10 @@ ipsec6_set_policy(struct in6pcb *in6p, i struct secpolicy **policy; KASSERT(!cpu_softintr_p()); + KASSERT(in6p != NULL); KASSERT(in6p_locked(in6p)); + KASSERT(request != NULL); - /* sanity check. */ - if (in6p == NULL || request == NULL) - return EINVAL; if (len < sizeof(*xpl)) return EINVAL; xpl = (const struct sadb_x_policy *)request;