diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-06-01 05:40:42 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-06-01 05:40:42 +0000 |
| commit | e909419bc6a8d80c4f9825ad2921748cf8a65a8c (patch) | |
| tree | ba5e19d22b32295da8fe499f7354bb4f51493880 | |
| parent | 3b646cf9f99458cfeb077b4e87f0da9e09c312db (diff) | |
Check for invalid TDBs right away in the callbacks.
| -rw-r--r-- | sys/netinet/ip_ah.c | 66 | ||||
| -rw-r--r-- | sys/netinet/ip_esp.c | 66 |
2 files changed, 66 insertions, 66 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 0821daaae26..5fdbf4aef42 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.37 2000/04/25 02:53:46 jason Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.38 2000/06/01 05:40:41 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -644,7 +644,22 @@ ah_input_cb(void *op) protoff = (long) crp->crp_opaque3; m = (struct mbuf *) crp->crp_buf; - tdb->tdb_ref--; + /* + * Check that the TDB is still valid -- not really an error, but + * we need to handle it as such. It may happen if the TDB expired + * or was deleted while there was a pending request in the crypto + * queue. + */ + if (tdb->tdb_flags & TDBF_INVALID) + { + ahstat.ahs_invalid++; + tdb_delete(tdb, 0, 0); + error = ENXIO; + DPRINTF(("ah_input_cb(): TDB expired while processing crypto\n")); + goto baddone; + } + else + tdb->tdb_ref--; /* Check for crypto errors */ if (crp->crp_etype) @@ -673,21 +688,6 @@ ah_input_cb(void *op) goto baddone; } - /* - * Check that the TDB is still valid -- not really an error, but - * we need to handle it as such. It may happen if the TDB expired - * or was deleted while there was a pending request in the crypto - * queue. - */ - if (tdb->tdb_flags & TDBF_INVALID) - { - ahstat.ahs_invalid++; - tdb_delete(tdb, 0, 0); - error = ENXIO; - DPRINTF(("ah_input_cb(): TDB expired while processing crypto\n")); - goto baddone; - } - if (!(tdb->tdb_flags & TDBF_NOREPLAY)) rplen = AH_FLENGTH + sizeof(u_int32_t); else @@ -1086,7 +1086,22 @@ ah_output_cb(void *op) protoff = (long) crp->crp_opaque3; m = (struct mbuf *) crp->crp_buf; - tdb->tdb_ref--; + /* + * Check that the TDB is still valid -- not really an error, but + * we need to handle it as such. It may happen if the TDB expired + * or was deleted while there was a pending request in the crypto + * queue. + */ + if (tdb->tdb_flags & TDBF_INVALID) + { + ahstat.ahs_invalid++; + tdb_delete(tdb, 0, 0); + error = ENXIO; + DPRINTF(("ah_output_cb(): TDB expired while processing crypto\n")); + goto baddone; + } + else + tdb->tdb_ref--; /* Check for crypto errors */ if (crp->crp_etype) @@ -1115,21 +1130,6 @@ ah_output_cb(void *op) goto baddone; } - /* - * Check that the TDB is still valid -- not really an error, but - * we need to handle it as such. It may happen if the TDB expired - * or was deleted while there was a pending request in the crypto - * queue. - */ - if (tdb->tdb_flags & TDBF_INVALID) - { - ahstat.ahs_invalid++; - tdb_delete(tdb, 0, 0); - error = ENXIO; - DPRINTF(("ah_output_cb(): TDB expired while processing crypto\n")); - goto baddone; - } - /* Copy original headers (with the new protocol number) back in place */ m_copyback(m, 0, skip, crp->crp_opaque4); diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 683b9a85de3..2dde3a96d35 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.42 2000/05/15 03:36:34 angelos Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.43 2000/06/01 05:40:41 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -474,7 +474,22 @@ esp_input_cb(void *op) protoff = (long) crp->crp_opaque3; m = (struct mbuf *) crp->crp_buf; - tdb->tdb_ref--; + /* + * Check that the TDB is still valid -- not really an error, but + * we need to handle it as such. It may happen if the TDB expired + * or was deleted while there was a pending request in the crypto + * queue. + */ + if (tdb->tdb_flags & TDBF_INVALID) + { + espstat.esps_invalid++; + tdb_delete(tdb, 0, 0); + error = ENXIO; + DPRINTF(("esp_input_cb(): TDB expired while processing crypto\n")); + goto baddone; + } + else + tdb->tdb_ref--; /* Check for crypto errors */ if (crp->crp_etype) @@ -504,21 +519,6 @@ esp_input_cb(void *op) goto baddone; } - /* - * Check that the TDB is still valid -- not really an error, but - * we need to handle it as such. It may happen if the TDB expired - * or was deleted while there was a pending request in the crypto - * queue. - */ - if (tdb->tdb_flags & TDBF_INVALID) - { - espstat.esps_invalid++; - tdb_delete(tdb, 0, 0); - error = ENXIO; - DPRINTF(("esp_input_cb(): TDB expired while processing crypto\n")); - goto baddone; - } - /* If authentication was performed, check now */ if (esph) { @@ -960,7 +960,22 @@ esp_output_cb(void *op) tdb = (struct tdb *) crp->crp_opaque1; m = (struct mbuf *) crp->crp_buf; - tdb->tdb_ref--; + /* + * Check that the TDB is still valid -- not really an error, but + * we need to handle it as such. It may happen if the TDB expired + * or was deleted while there was a pending request in the crypto + * queue. + */ + if (tdb->tdb_flags & TDBF_INVALID) + { + espstat.esps_invalid++; + tdb_delete(tdb, 0, 0); + error = ENXIO; + DPRINTF(("esp_output_cb(): TDB expired while processing crypto\n")); + goto baddone; + } + else + tdb->tdb_ref--; /* Check for crypto errors */ if (crp->crp_etype) @@ -990,21 +1005,6 @@ esp_output_cb(void *op) goto baddone; } - /* - * Check that the TDB is still valid -- not really an error, but - * we need to handle it as such. It may happen if the TDB expired - * or was deleted while there was a pending request in the crypto - * queue. - */ - if (tdb->tdb_flags & TDBF_INVALID) - { - espstat.esps_invalid++; - tdb_delete(tdb, 0, 0); - error = ENXIO; - DPRINTF(("esp_output_cb(): TDB expired while processing crypto\n")); - goto baddone; - } - /* Release crypto descriptors */ crypto_freereq(crp); |