author | Markus Friedl <markus@cvs.openbsd.org> | 2012-09-26 14:53:24 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2012-09-26 14:53:24 +0000 |
commit | 29406fae86e2db0ed2b65d941b4df825cac38a57 (patch) | |
tree | fd46af912302b522959ec366138651ea9680cb4a /sys/netinet | |
parent | 9f5c6dd85375c5bd1a39d6916b959a5b5db13957 (diff) |
add M_ZEROIZE as an mbuf flag, so copied PFKEY messages (with embedded keys)
are cleared as well; from hshoexer@, feedback and ok bluhm@, ok claudio@
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_ah.c | 4 | ||||
-rw-r--r-- | sys/netinet/ip_ether.c | 4 | ||||
-rw-r--r-- | sys/netinet/ipsec_input.c | 6 |
3 files changed, 7 insertions, 7 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index c0ebf3b3870..b60215e965b 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.102 2012/09/20 10:25:03 blambert Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.103 2012/09/26 14:53:23 markus Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -1007,7 +1007,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 hdr.af = tdb->tdb_dst.sa.sa_family;
 hdr.spi = tdb->tdb_spi;
- hdr.flags |= M_AUTH | M_AUTH_AH;
+ hdr.flags |= M_AUTH;
 bpf_mtap_hdr(encif->if_bpf, (char *)&hdr, ENC_HDRLEN, m, BPF_DIRECTION_OUT);
diff --git a/sys/netinet/ip_ether.c b/sys/netinet/ip_ether.c
index 178196bde5d..2b178795f5e 100644
--- a/sys/netinet/ip_ether.c
+++ b/sys/netinet/ip_ether.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ether.c,v 1.58 2011/07/04 20:42:15 dhill Exp $ */
+/* $OpenBSD: ip_ether.c,v 1.59 2012/09/26 14:53:23 markus Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (kermit@adk.gr)
 *
@@ -247,7 +247,7 @@ etherip_decap(struct mbuf *m, int iphlen)
 m_copydata(m, 0, sizeof(eh), (void *) &eh);
 /* Reset the flags based on the inner packet */
- m->m_flags &= ~(M_BCAST|M_MCAST|M_AUTH|M_CONF|M_AUTH_AH);
+ m->m_flags &= ~(M_BCAST|M_MCAST|M_AUTH|M_CONF);
 if (eh.ether_dhost[0] & 1) {
 if (bcmp((caddr_t) etherbroadcastaddr, (caddr_t)eh.ether_dhost, sizeof(etherbroadcastaddr)) == 0)
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 0a9d9fba602..0a2b1da7597 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.107 2012/09/20 10:25:03 blambert Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.108 2012/09/26 14:53:23 markus Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr) and 
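Review bot: In the ah_output hunk, `hdr.flags` is the enc header handed to `bpf_mtap_hdr`, so dropping `M_AUTH_AH` changes what capture consumers see: outbound AH traffic is now tagged only `M_AUTH`, the same as ESP with authentication. The matching inbound change is the `hdr.flags = m->m_flags & (M_AUTH|M_CONF)` hunk in ipsec_input.c. Nothing in this netinet-limited diff shows whether the old bit value is reused (the commit message suggests a new `M_ZEROIZE` flag defined elsewhere), so any decoder that still tests the old bit should be checked against the new flag layout. A short comment above the assignment would record the contract, e.g. `/* enc header exports only M_AUTH/M_CONF; AH is not flagged separately */`. ah_output's body starts and ends outside the hunk.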
@@ -650,7 +650,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
 if (tdbp->tdb_authalgxform)
 m->m_flags |= M_AUTH;
 } else if (sproto == IPPROTO_AH) {
- m->m_flags |= M_AUTH | M_AUTH_AH;
+ m->m_flags |= M_AUTH;
 } else if (sproto == IPPROTO_IPCOMP) {
 m->m_flags |= M_COMP;
 }
@@ -674,7 +674,7 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff,
 hdr.af = af;
 hdr.spi = tdbp->tdb_spi;
- hdr.flags = m->m_flags & (M_AUTH|M_CONF|M_AUTH_AH);
+ hdr.flags = m->m_flags & (M_AUTH|M_CONF);
 bpf_mtap_hdr(encif->if_bpf, (char *)&hdr, ENC_HDRLEN, m, BPF_DIRECTION_IN); |
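Review bot: In the `@@ -650` hunk of ipsec_common_input_cb, the `IPPROTO_AH` branch now sets the same `M_AUTH` bit as the ESP-with-auth branch above it, so `m_flags` alone no longer tells later code whether authentication covered the outer IP header (AH) or only the payload (ESP). If any consumer relied on `M_AUTH_AH` for that distinction, it is not visible in this netinet-limited diff and would have to use `sproto` or the tdb instead. I would note this at the branch, e.g. `/* AH and ESP auth both map to M_AUTH; use the tdb to tell them apart */`. The function body extends beyond the hunk.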