Module Name: src Committed By: martin Date: Thu Jun 7 16:22:43 UTC 2018
Modified Files: src/sys/net [netbsd-8]: if_ipsec.c Log Message: Pull up following revision(s) (requested by knakahara in ticket #840): sys/net/if_ipsec.c: revision 1.15,1.16 Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, thanks. Reviewd by ohishi@IIJ. Sorry, I jumped the gun and committed. Fix the following two issues. - remove extra padding of sizeof(xisr) when adding ipsec policy - add padding for xpl when adding discard policy To generate a diff of this commit: cvs rdiff -u -r1.3.2.8 -r1.3.2.9 src/sys/net/if_ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/if_ipsec.c diff -u src/sys/net/if_ipsec.c:1.3.2.8 src/sys/net/if_ipsec.c:1.3.2.9 --- src/sys/net/if_ipsec.c:1.3.2.8 Thu Jun 7 16:19:47 2018 +++ src/sys/net/if_ipsec.c Thu Jun 7 16:22:43 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $ */ +/* $NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $ */ /* * Copyright (c) 2017 Internet Initiative Japan Inc. @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_inet.h" @@ -1591,6 +1591,7 @@ if_ipsec_add_sp0(struct sockaddr *src, i if_ipsec_add_pad(m, padlen); if_ipsec_add_mbuf(m, &xpl, sizeof(xpl)); + padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl); if (policy == IPSEC_POLICY_IPSEC) { if_ipsec_add_mbuf(m, &xisr, sizeof(xisr)); /* @@ -1599,10 +1600,9 @@ if_ipsec_add_sp0(struct sockaddr *src, i */ if_ipsec_add_mbuf_addr_port(m, src, sport, false); if_ipsec_add_mbuf_addr_port(m, dst, dport, false); - } - padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl); - if (src != NULL && dst != NULL) + padlen -= PFKEY_ALIGN8(sizeof(xisr)); padlen -= PFKEY_ALIGN8(src->sa_len + dst->sa_len); + } if_ipsec_add_pad(m, padlen); /* key_kpi_spdadd() has already done KEY_SP_REF(). */