authorNiels Provos <provos@cvs.openbsd.org>1998-08-01 08:35:13 +0000
committerNiels Provos <provos@cvs.openbsd.org>1998-08-01 08:35:13 +0000
commit567c88d37fa253ca4bc192efb03c3cfce0a52669 (patch)
tree787dc2dfa3ed0e1a78cbfb05bddf5ec3f00eb511 /sys/netinet
parent47848880013e13383614eb4f5acec3725eb84906 (diff)
more careful error handling, some simplification and beautification.
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_esp_new.c44
-rw-r--r--sys/netinet/ip_output.c23
2 files changed, 25 insertions, 42 deletions
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index 6d6fc4a7a14..4990064093e 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.23 1998/07/30 08:41:20 provos Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.24 1998/08/01 08:35:12 provos Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -502,7 +502,6 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
}
esp = (struct esp_new *) ((u_int8_t *) ip + (ip->ip_hl << 2));
-
ipo = *ip;
/* Replay window checking */
@@ -549,46 +548,23 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
{
bcopy(&(xd->edx_ictx), &ctx, xd->edx_hash->ctxsize);
- /* Auth covers SPI + SN + IV*/
+ /* Auth covers SPI + SN + IV */
oplen = plen + 2 * sizeof(u_int32_t) + xd->edx_ivlen;
off = (ip->ip_hl << 2);
+ /* Copy the authentication data */
+ m_copydata(m, m->m_pkthdr.len - alen, alen, buf);
+
mo = m;
+
while (oplen > 0)
{
if (mo == 0)
panic("esp_new_input(): m_copydata (copy)");
count = min(mo->m_len - off, oplen);
-
xd->edx_hash->Update(&ctx, mtod(mo, unsigned char *) + off, count);
oplen -= count;
- if (oplen == 0)
- {
- /* Get the authentication data */
- if (mo->m_len - off - count >= alen)
- bcopy(mtod(mo, unsigned char *) + off + count, buf, alen);
- else
- {
- int olen = alen, tmp = 0;
-
- mi = mo;
- off += count;
-
- while (mi != NULL && olen > 0)
- {
- count = min(mi->m_len - off, olen);
- bcopy(mtod(mi, unsigned char *) + off, buf + tmp,
- count);
-
- off = 0;
- tmp += count;
- olen -= count;
- mi = mi->m_next;
- }
- }
- }
-
off = 0;
mo = mo->m_next;
}
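Review bot: The added `m_copydata(m, m->m_pkthdr.len - alen, alen, buf);` relies on two things this hunk never checks: that the packet is at least as long as the IP header plus the authenticated region plus `alen`, and that `alen` bytes fit in `buf`. The lengths come from a packet received off the network, and the BSD m_copydata of this era panics on a negative offset or a chain shorter than requested, so a truncated ESP packet could presumably crash the kernel unless a check outside the hunk already rejects it. A guard before the copy, such as `if (m->m_pkthdr.len < off + oplen + alen)` followed by dropping the packet, would make the assumption explicit. The remaining `panic("esp_new_input(): m_copydata (copy)")` in the loop deserves the same treatment, since input-derived lengths should lead to a drop, not a panic. esp_new_input starts and ends outside the hunk.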
@@ -690,7 +666,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
xd->edx_xform->decrypt(xd, blk);
- for (i=0; i<blks; i++)
+ for (i = 0; i < blks; i++)
blk[i] ^= ivp[i];
ivp = ivn;
@@ -715,7 +691,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
xd->edx_xform->decrypt(xd, idat);
- for (i=0; i<blks; i++)
+ for (i = 0; i < blks; i++)
idat[i] ^= ivp[i];
ivp = ivn;
@@ -1052,7 +1028,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
{
bcopy(idat, blk + rest, blks - rest);
- for (i=0; i<blks; i++)
+ for (i = 0; i < blks; i++)
blk[i] ^= ivp[i];
xd->edx_xform->encrypt(xd, blk);
@@ -1075,7 +1051,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
while (ilen >= blks && plen > 0)
{
- for (i=0; i<blks; i++)
+ for (i = 0; i < blks; i++)
idat[i] ^= ivp[i];
xd->edx_xform->encrypt(xd, idat);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e5b058bd4ce..96d1b8038b8 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.34 1998/07/29 22:18:48 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.35 1998/08/01 08:35:11 provos Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -237,7 +237,8 @@ ip_output(m0, va_alist)
if (encdebug)
printf("ip_output(): no gw or gw data not IPSP\n");
#endif /* ENCDEBUG */
- RTFREE(re->re_rt);
+ if (re->re_rt)
+ RTFREE(re->re_rt);
error = EHOSTUNREACH;
goto bad;
}
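Review bot: The NULL guard on `re->re_rt` is added here and in the new `tdb == NULL` branch, but the error path after the `xf_output` call in the last hunk of this file still runs `RTFREE(re->re_rt);` unguarded. If `re->re_rt` can be NULL at the two guarded sites it can presumably be NULL there too, so that call should get the same guard: `if (re->re_rt) RTFREE(re->re_rt);`. RTFREE is a macro, and if it expands to an if/else as in 4.4BSD-derived route.h, bracing the guarded call would keep the nesting unambiguous for the next reader. ip_output's body continues outside the hunk.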
@@ -289,12 +290,16 @@ ip_output(m0, va_alist)
if (sa_require & ~sa_have)
goto no_encap;
+ if (tdb == NULL) {
#ifdef ENCDEBUG
- if (encdebug && (tdb == NULL))
- printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n",
- ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst,
- gw->sen_ipsp_sproto);
-#endif ENCDEBUG
+ if (encdebug)
+ printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n", ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst, gw->sen_ipsp_sproto);
+#endif
+ if (re->re_rt)
+ RTFREE(re->re_rt);
+ error = EHOSTUNREACH;
+ goto bad;
+ }
/* Fix the ip_src field if necessary */
if (ip->ip_src.s_addr == INADDR_ANY) {
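Review bot: The new `if (tdb == NULL)` block has no comment saying why the send is aborted, and the reason is security-relevant. Before this change a missing TDB was only logged under ENCDEBUG, and execution continued toward code that dereferences `tdb` (the `tdb->tdb_xform->xf_output` call later in this diff). I would add above the block `/* No TDB for this SA: fail the send rather than continue with a NULL tdb */`. The `RTFREE` / `error = EHOSTUNREACH` / `goto bad` sequence now appears twice in ip_output (also in the hunk at -237), so a shared exit label would keep the two paths from drifting apart. The enclosing function starts and ends outside the hunk.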
@@ -481,9 +486,11 @@ expbail:
error = (*(tdb->tdb_xform->xf_output))(m, gw,
tdb, &mp);
- if (mp == NULL)
+ if (!error && mp == NULL)
error = EFAULT;
if (error) {
+ if (mp != NULL)
+ m_freem(mp);
RTFREE(re->re_rt);
return error;
}
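Review bot: The new `m_freem(mp)` on the error path is only safe if `mp` is either NULL or a live chain whenever `xf_output` fails, and nothing in this hunk establishes that. If `mp` is not initialised before the call, or a transform frees the chain it already stored through `&mp` before returning an error, this becomes a free of a stale pointer or a double free in the mbuf pool. I would set `mp = NULL;` immediately before the call and add a comment stating the `xf_output` contract: on error the callee leaves `*mp` either NULL or owned by the caller. The declaration of `mp` and the rest of ip_output are outside the hunk.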