Module Name:    src
Committed By:   martin
Date:           Thu Jun  7 16:22:43 UTC 2018

Modified Files:
        src/sys/net [netbsd-8]: if_ipsec.c

Log Message:
Pull up following revision(s) (requested by knakahara in ticket #840):

        sys/net/if_ipsec.c: revision 1.15,1.16

Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, 
thanks.
Reviewed by ohishi@IIJ. Sorry, I jumped the gun and committed.

Fix the following two issues.
    - remove extra padding of sizeof(xisr) when adding ipsec policy
    - add padding for xpl when adding discard policy


To generate a diff of this commit:
cvs rdiff -u -r1.3.2.8 -r1.3.2.9 src/sys/net/if_ipsec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_ipsec.c
diff -u src/sys/net/if_ipsec.c:1.3.2.8 src/sys/net/if_ipsec.c:1.3.2.9
--- src/sys/net/if_ipsec.c:1.3.2.8	Thu Jun  7 16:19:47 2018
+++ src/sys/net/if_ipsec.c	Thu Jun  7 16:22:43 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $  */
+/*	$NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $  */
 
 /*
  * Copyright (c) 2017 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.8 2018/06/07 16:19:47 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ipsec.c,v 1.3.2.9 2018/06/07 16:22:43 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1591,6 +1591,7 @@ if_ipsec_add_sp0(struct sockaddr *src, i
 	if_ipsec_add_pad(m, padlen);
 
 	if_ipsec_add_mbuf(m, &xpl, sizeof(xpl));
+	padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl);
 	if (policy == IPSEC_POLICY_IPSEC) {
 		if_ipsec_add_mbuf(m, &xisr, sizeof(xisr));
 		/*
@@ -1599,10 +1600,9 @@ if_ipsec_add_sp0(struct sockaddr *src, i
 		 */
 		if_ipsec_add_mbuf_addr_port(m, src, sport, false);
 		if_ipsec_add_mbuf_addr_port(m, dst, dport, false);
-	}
-	padlen = PFKEY_UNUNIT64(xpl.sadb_x_policy_len) - sizeof(xpl);
-	if (src != NULL && dst != NULL)
+		padlen -= PFKEY_ALIGN8(sizeof(xisr));
 		padlen -= PFKEY_ALIGN8(src->sa_len + dst->sa_len);
+	}
 	if_ipsec_add_pad(m, padlen);
 
 	/* key_kpi_spdadd() has already done KEY_SP_REF(). */
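Review bot: Nothing checks padlen before the final `if_ipsec_add_pad(m, padlen)`, so if `xpl.sadb_x_policy_len` ever stops covering the xisr and address bytes appended in the IPSEC_POLICY_IPSEC branch, the two `padlen -=` lines leave it negative, or wrapped to a huge value if padlen is unsigned (its declaration is outside the hunk). The log message ties the panic being fixed to this padding bookkeeping, so an assertion just before the pad call would catch a future mismatch where it originates, for example `KASSERT(padlen >= 0);` for a signed padlen, or an upper bound such as `KASSERT(padlen < 8);` if the pad is only ever alignment filler. The branch also drops the old `src != NULL && dst != NULL` guard and reads `src->sa_len` and `dst->sa_len` directly. That is presumably safe, because the preceding if_ipsec_add_mbuf_addr_port() calls already take both pointers, but a short comment such as `/* src and dst are always set for IPSEC_POLICY_IPSEC */` would make the requirement explicit. The body of if_ipsec_add_sp0() begins and ends outside these hunks, so how the policy length is computed cannot be confirmed from here.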
