summaryrefslogtreecommitdiff
path: root/sys/net/pfkeyv2.c
diff options
context:
space:
mode:
authorArtur Grabowski <art@cvs.openbsd.org>2001-03-27 14:45:23 +0000
committerArtur Grabowski <art@cvs.openbsd.org>2001-03-27 14:45:23 +0000
commitfb1995477c407b9d415f5a26f8da6132c45c518e (patch)
tree0e9c52097f924ea06c9a2dafd1f6956b119da0d5 /sys/net/pfkeyv2.c
parent5e7c546f51ba932d1c019f64489c6664456e5784 (diff)
Fix a problem with how TDB timeouts were used in pfkeyv2.
When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately.
Diffstat (limited to 'sys/net/pfkeyv2.c')
-rw-r--r--sys/net/pfkeyv2.c9
1 files changed, 3 insertions, 6 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 0189dfaa5da..543faa42898 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.56 2001/03/15 06:30:57 mickey Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.57 2001/03/27 14:45:21 art Exp $ */
/*
%%% copyright-nrl-97
This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -1321,9 +1321,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
int alg;
/* Create new TDB */
- MALLOC(freeme, struct tdb *, sizeof(struct tdb),
- M_TDB, M_WAITOK);
- bzero(freeme, sizeof(struct tdb));
+ freeme = tdb_alloc();
bzero(&ii, sizeof(struct ipsecinit));
newsa = (struct tdb *) freeme;
@@ -1431,8 +1429,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
}
/* Allocate and initialize new TDB */
- MALLOC(freeme, struct tdb *, sizeof(struct tdb), M_TDB, M_WAITOK);
- bzero(freeme, sizeof(struct tdb));
+ freeme = tdb_alloc();
{
struct tdb *newsa = (struct tdb *) freeme;