Author: fabient
Date: Thu Mar 31 13:14:24 2011
New Revision: 220194
URL: http://svn.freebsd.org/changeset/base/220194
Log:
Fix two SA refcount:
- AH does not release the SA like in ESP/IPCOMP when handling EAGAIN
- ipsec_process_done incorrectly release the SA.
Reviewed by: vanhu
MFC after: 1 week
Modified:
head/sys/netipsec/ipsec_output.c
head/sys/netipsec/xform_ah.c
Modified: head/sys/netipsec/ipsec_output.c
==============================================================================
--- head/sys/netipsec/ipsec_output.c Thu Mar 31 13:06:51 2011
(r220193)
+++ head/sys/netipsec/ipsec_output.c Thu Mar 31 13:14:24 2011
(r220194)
@@ -247,7 +247,6 @@ ipsec_process_done(struct mbuf *m, struc
panic("ipsec_process_done");
bad:
m_freem(m);
- KEY_FREESAV(&sav);
return (error);
}
Modified: head/sys/netipsec/xform_ah.c
==============================================================================
--- head/sys/netipsec/xform_ah.c Thu Mar 31 13:06:51 2011
(r220193)
+++ head/sys/netipsec/xform_ah.c Thu Mar 31 13:14:24 2011
(r220194)
@@ -785,6 +785,7 @@ ah_input_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
+ KEY_FREESAV(&sav);
error = crypto_dispatch(crp);
return error;
}
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
