Module Name: src Committed By: maxv Date: Mon Feb 26 06:53:22 UTC 2018
Modified Files: src/sys/netipsec: ipsec_input.c Log Message: m is never allowed to be NULL, so turn the KASSERT (and the null check) to a panic. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/ipsec_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netipsec/ipsec_input.c diff -u src/sys/netipsec/ipsec_input.c:1.59 src/sys/netipsec/ipsec_input.c:1.60 --- src/sys/netipsec/ipsec_input.c:1.59 Mon Feb 26 06:17:01 2018 +++ src/sys/netipsec/ipsec_input.c Mon Feb 26 06:53:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $ */ +/* $NetBSD: ipsec_input.c,v 1.60 2018/02/26 06:53:22 maxv Exp $ */ /* $FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */ /* $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $ */ @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.59 2018/02/26 06:17:01 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.60 2018/02/26 06:53:22 maxv Exp $"); /* * IPsec input processing. @@ -329,7 +329,10 @@ ipsec4_common_input_cb(struct mbuf *m, s IPSEC_SPLASSERT_SOFTNET("ipsec4_common_input_cb"); - KASSERT(m != NULL); + if (__predict_false(m == NULL)) { + panic("%s: NULL mbuf", __func__); + } + KASSERT(sav != NULL); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; @@ -339,14 +342,6 @@ ipsec4_common_input_cb(struct mbuf *m, s sproto == IPPROTO_IPCOMP, "unexpected security protocol %u", sproto); - /* Sanity check */ - if (m == NULL) { - IPSECLOG(LOG_DEBUG, "null mbuf"); - IPSEC_ISTAT(sproto, ESP_STAT_BADKCR, AH_STAT_BADKCR, - IPCOMP_STAT_BADKCR); - return EINVAL; - } - /* Fix IPv4 header */ if (skip != 0) { if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) { @@ -548,7 +543,10 @@ ipsec6_common_input_cb(struct mbuf *m, s u_int8_t prot, nxt8; int error, nest; - KASSERT(m != NULL); + if (__predict_false(m == NULL)) { + panic("%s: NULL mbuf", __func__); + } + KASSERT(sav != NULL); saidx = &sav->sah->saidx; af = saidx->dst.sa.sa_family; @@ -558,15 +556,6 @@ ipsec6_common_input_cb(struct mbuf *m, s sproto == IPPROTO_IPCOMP, "unexpected security protocol %u", sproto); - /* Sanity check */ - if (m == NULL) { - IPSECLOG(LOG_DEBUG, "null mbuf"); - IPSEC_ISTAT(sproto, ESP_STAT_BADKCR, AH_STAT_BADKCR, - IPCOMP_STAT_BADKCR); - error = EINVAL; - goto bad; - } - /* Fix IPv6 header */ if (m->m_len < sizeof(struct ip6_hdr) && (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {