diff options
author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1999-12-26 20:46:14 +0000 |
---|---|---|
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 1999-12-26 20:46:14 +0000 |
commit | 4b89c162e059c9135660a361991f00bb48a76a58 (patch) | |
tree | 8ec0106bb83b3421e2f78e85ecd0d466354a3758 | |
parent | fc821163c02e81943e884ea3de3f5d340ecc9b59 (diff) |
Correctly initialize loop variables when not doing authentication with
ESP (bug reported by provos@)
-rw-r--r-- | sys/netinet/ip_esp_new.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c index f65799d8751..7c0d9d7e570 100644 --- a/sys/netinet/ip_esp_new.c +++ b/sys/netinet/ip_esp_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_new.c,v 1.55 1999/12/09 20:22:03 angelos Exp $ */ +/* $OpenBSD: ip_esp_new.c,v 1.56 1999/12/26 20:46:13 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -339,6 +339,20 @@ esp_new_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } + /* + * Skip forward to the beginning of the ESP header. If we run out + * of mbufs in the process, the check inside the following while() + * loop will catch it. + */ + for (mo = m, i = 0; mo && i + mo->m_len <= skip; mo = mo->m_next) + i += mo->m_len; + + off = skip - i; + + /* Preserve these for later processing */ + roff = off; + m1 = mo; + /* Verify the authenticator */ if (esph) { @@ -347,20 +361,6 @@ esp_new_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff) /* Copy the authentication data */ m_copydata(m, m->m_pkthdr.len - alen, alen, iv); - /* - * Skip forward to the beginning of the ESP header. If we run out - * of mbufs in the process, the check inside the following while() - * loop will catch it. - */ - for (mo = m, i = 0; mo && i + mo->m_len <= skip; mo = mo->m_next) - i += mo->m_len; - - off = skip - i; - - /* Preserve these for later processing */ - roff = off; - m1 = mo; - while (oplen > 0) { if (mo == NULL) |