authorJason Wright <jason@cvs.openbsd.org>2003-02-28 21:42:57 +0000
committerJason Wright <jason@cvs.openbsd.org>2003-02-28 21:42:57 +0000
commit97728e76f39f9322dad6b4f94fb8dda1e7c58d5a (patch)
treec770a003f86b91db0b4d4efca982295c42a2ceee
parent5731905f84be75a3bdaf332be1f8b2151ae00aa6 (diff)
Based on several comments from tedu:
- two variables 'err' and 'error', whacked
- missing initialization in the error path for the case where an SA expired while off in crypto land.
- a small bit of knf.
-rw-r--r--sys/netinet/ip_ah.c13
-rw-r--r--sys/netinet/ip_esp.c13
2 files changed, 14 insertions, 12 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index c8a6ca640db..48f845e8c46 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.71 2003/02/12 14:41:07 jason Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.72 2003/02/28 21:42:56 jason Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -684,7 +684,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
int
ah_input_cb(void *op)
{
- int roff, rplen, error, skip, protoff;
+ int s, roff, rplen, error, skip, protoff;
unsigned char calc[AH_ALEN_MAX];
struct mbuf *m1, *m0, *m;
struct cryptodesc *crd;
@@ -696,7 +696,6 @@ ah_input_cb(void *op)
u_int32_t btsx;
u_int8_t prot;
caddr_t ptr;
- int s, err;
crp = (struct cryptop *) op;
crd = crp->crp_desc;
@@ -714,6 +713,7 @@ ah_input_cb(void *op)
FREE(tc, M_XDATA);
ahstat.ahs_notdb++;
DPRINTF(("ah_input_cb(): TDB is expired while in crypto"));
+ error = EPERM;
goto baddone;
}
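Review bot: The DPRINTF format string in this expired-TDB branch of ah_input_cb has no trailing newline, and neither does the matching branch in esp_input_cb, while the ah_output_cb and esp_output_cb messages end in `\n`. With debugging enabled, the message for a request whose SA expired runs into the next log line, which makes these events harder to pick out during triage. Since the commit already edits this branch, the line could become `DPRINTF(("ah_input_cb(): TDB is expired while in crypto\n"));`, and likewise in esp_input_cb. The body of ah_input_cb starts and ends outside this hunk.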
@@ -903,9 +903,9 @@ ah_input_cb(void *op)
m->m_pkthdr.len -= rplen + ahx->authsize;
}
- err = ipsec_common_input_cb(m, tdb, skip, protoff, mtag);
+ error = ipsec_common_input_cb(m, tdb, skip, protoff, mtag);
splx(s);
- return err;
+ return (error);
baddone:
splx(s);
@@ -916,7 +916,7 @@ ah_input_cb(void *op)
if (crp != NULL)
crypto_freereq(crp);
- return error;
+ return (error);
}
/*
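Review bot: `return (error);` on the baddone path returns a variable that the declaration hunk leaves without an initializer, so any `goto baddone` that does not assign `error` first hands an indeterminate value back to the caller. The commit covers the expired-TDB case, but the other jumps to baddone sit in parts of ah_input_cb that these hunks do not show, so each of them should be confirmed to set `error` before jumping. The same audit applies to esp_input_cb, whose declaration hunk also leaves `error` uninitialized. It probably applies to ah_output_cb and esp_output_cb too, though their declarations are not visible here.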
@@ -1238,6 +1238,7 @@ ah_output_cb(void *op)
FREE(tc, M_XDATA);
ahstat.ahs_notdb++;
DPRINTF(("ah_output_cb(): TDB is expired while in crypto\n"));
+ error = EPERM;
goto baddone;
}
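Review bot: Nothing at this branch records why EPERM is the value returned when the TDB has expired while the request was in the crypto layer. The same bare assignment is added in ah_input_cb, esp_input_cb and esp_output_cb. A one-line comment above it would state the intent for the next reader, for example `/* SA expired or was deleted while the request was in the crypto layer */`. How the caller uses the return value is not visible in these hunks, so the comment should stick to the condition and not describe the consequence.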
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 22e1ecb170e..e7fa6fbc30e 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.79 2003/02/21 20:50:58 tedu Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.80 2003/02/28 21:42:56 jason Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -455,7 +455,7 @@ int
esp_input_cb(void *op)
{
u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN];
- int hlen, roff, skip, protoff, error;
+ int s, hlen, roff, skip, protoff, error;
struct mbuf *m1, *mo, *m;
struct auth_hash *esph;
struct tdb_crypto *tc;
@@ -463,7 +463,6 @@ esp_input_cb(void *op)
struct m_tag *mtag;
struct tdb *tdb;
u_int32_t btsx;
- int s, err = 0;
caddr_t ptr;
crp = (struct cryptop *) op;
@@ -481,6 +480,7 @@ esp_input_cb(void *op)
FREE(tc, M_XDATA);
espstat.esps_notdb++;
DPRINTF(("esp_input_cb(): TDB is expired while in crypto"));
+ error = EPERM;
goto baddone;
}
@@ -667,9 +667,9 @@ esp_input_cb(void *op)
m_copyback(m, protoff, sizeof(u_int8_t), lastthree + 2);
/* Back to generic IPsec input processing */
- err = ipsec_common_input_cb(m, tdb, skip, protoff, mtag);
+ error = ipsec_common_input_cb(m, tdb, skip, protoff, mtag);
splx(s);
- return err;
+ return (error);
baddone:
splx(s);
@@ -679,7 +679,7 @@ esp_input_cb(void *op)
crypto_freereq(crp);
- return error;
+ return (error);
}
/*
@@ -988,6 +988,7 @@ esp_output_cb(void *op)
FREE(tc, M_XDATA);
espstat.esps_notdb++;
DPRINTF(("esp_output_cb(): TDB is expired while in crypto\n"));
+ error = EPERM;
goto baddone;
}