diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-03-31 20:52:07 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-03-31 20:52:07 +0000 |
| commit | b7077670b4d40c28f2aee3452c5d9d7b4466c9bc (patch) | |
| tree | b7c38ea475128e79073792ab4bf323f6798d4bc1 | |
| parent | bae8cbce56530369cc1a5c14f88bc93ae2a54bb9 (diff) | |
Avoid using FREEd data when we get a crypto error; Patrick Latifi
Also move the session ID reset into the crp_etype == EAGAIN case
(noticed by angelos@). OK jason@ and angelos@
| -rw-r--r-- | sys/netinet/ip_ah.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_esp.c | 21 | ||||
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 28 |
3 files changed, 32 insertions, 36 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 48f845e8c46..9f8d0907f94 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.72 2003/02/28 21:42:56 jason Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.73 2003/03/31 20:52:06 millert Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -721,16 +721,14 @@ ah_input_cb(void *op) /* Check for crypto errors. */ if (crp->crp_etype) { - FREE(tc, M_XDATA); - - if (tdb->tdb_cryptoid != 0) - tdb->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { + /* Reset the session ID */ + if (tdb->tdb_cryptoid != 0) + tdb->tdb_cryptoid = crp->crp_sid; splx(s); return crypto_dispatch(crp); } - + FREE(tc, M_XDATA); ahstat.ahs_noxform++; DPRINTF(("ah_input_cb(): crypto error %d\n", crp->crp_etype)); error = crp->crp_etype; @@ -1244,14 +1242,13 @@ ah_output_cb(void *op) /* Check for crypto errors. */ if (crp->crp_etype) { - if (tdb->tdb_cryptoid != 0) - tdb->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { + /* Reset the session ID */ + if (tdb->tdb_cryptoid != 0) + tdb->tdb_cryptoid = crp->crp_sid; splx(s); return crypto_dispatch(crp); } - FREE(tc, M_XDATA); ahstat.ahs_noxform++; DPRINTF(("ah_output_cb(): crypto error %d\n", crp->crp_etype)); diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index e7fa6fbc30e..0f584b6ceea 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.80 2003/02/28 21:42:56 jason Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.81 2003/03/31 20:52:06 millert Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -488,17 +488,14 @@ esp_input_cb(void *op) /* Check for crypto errors */ if (crp->crp_etype) { - FREE(tc, M_XDATA); - - /* Reset the session ID */ - if (tdb->tdb_cryptoid != 0) - tdb->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { + /* Reset the session ID */ + if (tdb->tdb_cryptoid != 0) + tdb->tdb_cryptoid = crp->crp_sid; splx(s); return crypto_dispatch(crp); } - + FREE(tc, M_XDATA); espstat.esps_noxform++; DPRINTF(("esp_input_cb(): crypto error %d\n", crp->crp_etype)); error = crp->crp_etype; @@ -994,15 +991,13 @@ esp_output_cb(void *op) /* Check for crypto errors. */ if (crp->crp_etype) { - /* Reset session ID. */ - if (tdb->tdb_cryptoid != 0) - tdb->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { + /* Reset the session ID */ + if (tdb->tdb_cryptoid != 0) + tdb->tdb_cryptoid = crp->crp_sid; splx(s); return crypto_dispatch(crp); } - FREE(tc, M_XDATA); espstat.esps_noxform++; DPRINTF(("esp_output_cb(): crypto error %d\n", diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index cdc9c3f5ea8..f3ce1e56988 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.12 2003/03/31 17:16:56 millert Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.13 2003/03/31 20:52:06 millert Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -231,10 +231,11 @@ ipcomp_input_cb(op) s = spltdb(); tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto); - FREE(tc, M_XDATA); if (tdb == NULL) { + FREE(tc, M_XDATA); ipcompstat.ipcomps_notdb++; DPRINTF(("ipcomp_input_cb(): TDB expired while in crypto")); + error = EPERM; goto baddone; } ipcompx = (struct comp_algo *) tdb->tdb_compalgxform; @@ -246,6 +247,7 @@ ipcomp_input_cb(op) /* Hard expiration */ if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { + FREE(tc, M_XDATA); pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb); splx(s); @@ -261,19 +263,22 @@ ipcomp_input_cb(op) /* Check for crypto errors */ if (crp->crp_etype) { - /* Reset the session ID */ - if (tdb->tdb_cryptoid != 0) - tdb->tdb_cryptoid = crp->crp_sid; if (crp->crp_etype == EAGAIN) { + /* Reset the session ID */ + if (tdb->tdb_cryptoid != 0) + tdb->tdb_cryptoid = crp->crp_sid; splx(s); return crypto_dispatch(crp); } + FREE(tc, M_XDATA); ipcompstat.ipcomps_noxform++; DPRINTF(("ipcomp_input_cb(): crypto error %d\n", crp->crp_etype)); error = crp->crp_etype; goto baddone; } + FREE(tc, M_XDATA); + /* Shouldn't happen... */ if (m == NULL) { ipcompstat.ipcomps_crypto++; @@ -638,22 +643,21 @@ ipcomp_output_cb(cp) /* Check for crypto errors. */ if (crp->crp_etype) { - /* Reset session ID */ - if (tdb->tdb_cryptoid != 0) - tdb->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { + /* Reset the session ID */ + if (tdb->tdb_cryptoid != 0) + tdb->tdb_cryptoid = crp->crp_sid; splx(s); return crypto_dispatch(crp); } - FREE(tc, M_XDATA); ipcompstat.ipcomps_noxform++; DPRINTF(("ipcomp_output_cb(): crypto error %d\n", crp->crp_etype)); + error = crp->crp_etype; goto baddone; - } else - FREE(tc, M_XDATA); + } + FREE(tc, M_XDATA); /* Shouldn't happen... */ if (m == NULL) { |