Module Name: src
Committed By: martin
Date: Sun Apr 1 09:20:23 UTC 2018
Modified Files:
src/sys/netinet6 [netbsd-6-0]: ip6_forward.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1540):
sys/netinet6/ip6_forward.c: revision 1.91 (via patch)
Fix two pretty bad mistakes. If ipsec6_check_policy fails m is not freed,
and a 'goto out' is missing after ipsec6_process_packet.
To generate a diff of this commit:
cvs rdiff -u -r1.69.6.1 -r1.69.6.2 src/sys/netinet6/ip6_forward.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.69.6.1 src/sys/netinet6/ip6_forward.c:1.69.6.2
--- src/sys/netinet6/ip6_forward.c:1.69.6.1 Tue Mar 13 16:43:03 2018
+++ src/sys/netinet6/ip6_forward.c Sun Apr 1 09:20:22 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_forward.c,v 1.69.6.1 2018/03/13 16:43:03 snj Exp $ */
+/* $NetBSD: ip6_forward.c,v 1.69.6.2 2018/04/01 09:20:22 martin Exp $ */
/* $KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69.6.1 2018/03/13 16:43:03 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.69.6.2 2018/04/01 09:20:22 martin Exp $");
#include "opt_gateway.h"
#include "opt_ipsec.h"
@@ -361,9 +361,10 @@ ip6_forward(struct mbuf *m, int srcrt)
* because we asked key management for an SA and
* it was delayed (e.g. kicked up to IKE).
*/
- if (error == -EINVAL)
- error = 0;
- goto freecopy;
+ if (error == -EINVAL)
+ error = 0;
+ m_freem(m);
+ goto freecopy;
}
#endif /* FAST_IPSEC */
@@ -467,8 +468,10 @@ ip6_forward(struct mbuf *m, int srcrt)
s = splsoftnet();
error = ipsec6_process_packet(m,sp->req);
splx(s);
+ /* m is freed */
if (mcopy)
goto freecopy;
+ return;
}
#endif
