Fix a problem with how TDB timeouts were used in pfkeyv2.

When we allocated a tdb we did a timeout_add before a timeout_set.
This was a problem in itself, but it shouldn't hurt too much.
What did hurt was that we did a timeout_set after the timeout_add,
timeout_set marked the timeout as not being on the timeout list and if we
did a timeout_del (or timeout_add) later (before the timeout fired) we
ended up with a chunk of freed memory on the timeout queue or maybe
even dangling pointers (or a circular list).

This should probably cure the timeout queue corruption some people were
seeing lately.

1 files changed, 3 insertions, 6 deletions

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 0189dfaa5da..543faa42898 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.56 2001/03/15 06:30:57 mickey Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.57 2001/03/27 14:45:21 art Exp $ */
 /*
 %%% copyright-nrl-97
 This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -1321,9 +1321,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 		int alg;
 
 		/* Create new TDB */
-		MALLOC(freeme, struct tdb *, sizeof(struct tdb),
-		       M_TDB, M_WAITOK);
-		bzero(freeme, sizeof(struct tdb));
+		freeme = tdb_alloc();
 		bzero(&ii, sizeof(struct ipsecinit));
 
 		newsa = (struct tdb *) freeme;
@@ -1431,8 +1429,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 	    }
 
 	    /* Allocate and initialize new TDB */
-	    MALLOC(freeme, struct tdb *, sizeof(struct tdb), M_TDB, M_WAITOK);
-	    bzero(freeme, sizeof(struct tdb));
+	    freeme = tdb_alloc();
 
 	    {
 		struct tdb *newsa = (struct tdb *) freeme;