summaryrefslogtreecommitdiff
path: root/sbin/iked/config.c
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2015-07-07 19:13:32 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2015-07-07 19:13:32 +0000
commit671b92a07833645621215afe7c48c04df7aee3d7 (patch)
tree204ba0341d25b1f37d5a28157000307392a1835a /sbin/iked/config.c
parentb84cd61057b6917d36e95f086d16f10e988858bb (diff)
repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ
(e.g. the policy might be used-after-free on 'ikectl reconfig') ok mikeb@
Diffstat (limited to 'sbin/iked/config.c')
-rw-r--r--sbin/iked/config.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c
index 0adbf2c0de3..0e05d8f0361 100644
--- a/sbin/iked/config.c
+++ b/sbin/iked/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.35 2015/02/06 10:39:01 deraadt Exp $ */
+/* $OpenBSD: config.c,v 1.36 2015/07/07 19:13:31 markus Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -106,7 +106,7 @@ config_free_sa(struct iked *env, struct iked_sa *sa)
}
if (sa->sa_policy) {
- (void)RB_REMOVE(iked_sapeers, &sa->sa_policy->pol_sapeers, sa);
+ TAILQ_REMOVE(&sa->sa_policy->pol_sapeers, sa, sa_peer_entry);
policy_unref(env, sa->sa_policy);
}
@@ -157,8 +157,10 @@ config_new_policy(struct iked *env)
if ((pol = calloc(1, sizeof(*pol))) == NULL)
return (NULL);
+ /* XXX caller does this again */
TAILQ_INIT(&pol->pol_proposals);
- RB_INIT(&pol->pol_sapeers);
+ TAILQ_INIT(&pol->pol_sapeers);
+ RB_INIT(&pol->pol_flows);
return (pol);
}
@@ -173,10 +175,13 @@ config_free_policy(struct iked *env, struct iked_policy *pol)
TAILQ_REMOVE(&env->sc_policies, pol, pol_entry);
- RB_FOREACH(sa, iked_sapeers, &pol->pol_sapeers) {
- /* Remove from the policy tree, but keep for existing SAs */
+ TAILQ_FOREACH(sa, &pol->pol_sapeers, sa_peer_entry) {
+ /* Remove from the policy list, but keep for existing SAs */
if (sa->sa_policy == pol)
policy_ref(env, pol);
+ else
+ log_warnx("%s: ERROR: sa_policy %p != pol %p",
+ __func__, sa->sa_policy, pol);
}
if (pol->pol_refcnt)
@@ -687,6 +692,7 @@ config_getpolicy(struct iked *env, struct imsg *imsg)
offset += sizeof(*pol);
TAILQ_INIT(&pol->pol_proposals);
+ TAILQ_INIT(&pol->pol_sapeers);
RB_INIT(&pol->pol_flows);
for (i = 0; i < pol->pol_nproposals; i++) {