CVS commit: src/sys/netipsec

Sun, 25 Feb 2018 22:53:46 -0800 

Module Name:    src
Committed By:   maxv
Date:           Mon Feb 26 06:53:22 UTC 2018

Modified Files:
        src/sys/netipsec: ipsec_input.c

Log Message:
m is never allowed to be NULL, so turn the KASSERT (and the null check)
to a panic.


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/ipsec_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.59 src/sys/netipsec/ipsec_input.c:1.60
--- src/sys/netipsec/ipsec_input.c:1.59	Mon Feb 26 06:17:01 2018
+++ src/sys/netipsec/ipsec_input.c	Mon Feb 26 06:53:22 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.60 2018/02/26 06:53:22 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.60 2018/02/26 06:53:22 maxv Exp $");
 
 /*
  * IPsec input processing.
@@ -329,7 +329,10 @@ ipsec4_common_input_cb(struct mbuf *m, s
 
 	IPSEC_SPLASSERT_SOFTNET("ipsec4_common_input_cb");
 
-	KASSERT(m != NULL);
+	if (__predict_false(m == NULL)) {
+		panic("%s: NULL mbuf", __func__);
+	}
+
 	KASSERT(sav != NULL);
 	saidx = &sav->sah->saidx;
 	af = saidx->dst.sa.sa_family;
@@ -339,14 +342,6 @@ ipsec4_common_input_cb(struct mbuf *m, s
 	    sproto == IPPROTO_IPCOMP,
 	    "unexpected security protocol %u", sproto);
 
-	/* Sanity check */
-	if (m == NULL) {
-		IPSECLOG(LOG_DEBUG, "null mbuf");
-		IPSEC_ISTAT(sproto, ESP_STAT_BADKCR, AH_STAT_BADKCR,
-		    IPCOMP_STAT_BADKCR);
-		return EINVAL;
-	}
-
 	/* Fix IPv4 header */
 	if (skip != 0) {
 		if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
@@ -548,7 +543,10 @@ ipsec6_common_input_cb(struct mbuf *m, s
 	u_int8_t prot, nxt8;
 	int error, nest;
 
-	KASSERT(m != NULL);
+	if (__predict_false(m == NULL)) {
+		panic("%s: NULL mbuf", __func__);
+	}
+
 	KASSERT(sav != NULL);
 	saidx = &sav->sah->saidx;
 	af = saidx->dst.sa.sa_family;
@@ -558,15 +556,6 @@ ipsec6_common_input_cb(struct mbuf *m, s
 	    sproto == IPPROTO_IPCOMP,
 	    "unexpected security protocol %u", sproto);
 
-	/* Sanity check */
-	if (m == NULL) {
-		IPSECLOG(LOG_DEBUG, "null mbuf");
-		IPSEC_ISTAT(sproto, ESP_STAT_BADKCR, AH_STAT_BADKCR,
-		    IPCOMP_STAT_BADKCR);
-		error = EINVAL;
-		goto bad;
-	}
-
 	/* Fix IPv6 header */
 	if (m->m_len < sizeof(struct ip6_hdr) &&
 	    (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {

Reply via email to