summaryrefslogtreecommitdiff
path: root/sys/netinet
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2003-04-02 20:09:27 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2003-04-02 20:09:27 +0000
commitafc0caa2f2f245982c85c9a367868e151de532cd (patch)
tree73d3493e62d6e0a4e8e323636e636a4f5d81f7e0 /sys/netinet
parent9573c6e20c7fe3e87e0fea8f328421a5f4ec4909 (diff)
o sanity check mbuf earlier.
o return errno, not NULL. o add some missing error values o proper crypto_freereq() in ip_ipcomp.c From Patrick Latifi; OK angelos@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_ah.c44
-rw-r--r--sys/netinet/ip_esp.c43
-rw-r--r--sys/netinet/ip_ipcomp.c62
3 files changed, 78 insertions, 71 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 9f8d0907f94..09df206fc98 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.73 2003/03/31 20:52:06 millert Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.74 2003/04/02 20:09:26 millert Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -704,7 +704,17 @@ ah_input_cb(void *op)
skip = tc->tc_skip;
protoff = tc->tc_protoff;
mtag = (struct m_tag *) tc->tc_ptr;
+
m = (struct mbuf *) crp->crp_buf;
+ if (m == NULL) {
+ /* Shouldn't happen... */
+ FREE(tc, M_XDATA);
+ crypto_freereq(crp);
+ ahstat.ahs_crypto++;
+ DPRINTF(("ah_input_cb(): bogus returned buffer from "
+ "crypto\n"));
+ return (EINVAL);
+ }
s = spltdb();
@@ -738,16 +748,6 @@ ah_input_cb(void *op)
crp = NULL;
}
- /* Shouldn't happen... */
- if (m == NULL) {
- FREE(tc, M_XDATA);
- ahstat.ahs_crypto++;
- DPRINTF(("ah_input_cb(): bogus returned buffer from "
- "crypto\n"));
- error = EINVAL;
- goto baddone;
- }
-
if (!(tdb->tdb_flags & TDBF_NOREPLAY))
rplen = AH_FLENGTH + sizeof(u_int32_t);
else
@@ -969,7 +969,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
m_freem(m);
ahstat.ahs_wrap++;
- return NULL;
+ return EINVAL;
}
if (!(tdb->tdb_flags & TDBF_NOREPLAY))
@@ -1227,7 +1227,17 @@ ah_output_cb(void *op)
skip = tc->tc_skip;
protoff = tc->tc_protoff;
ptr = (caddr_t) (tc + 1);
+
m = (struct mbuf *) crp->crp_buf;
+ if (m == NULL) {
+ /* Shouldn't happen... */
+ FREE(tc, M_XDATA);
+ crypto_freereq(crp);
+ ahstat.ahs_crypto++;
+ DPRINTF(("ah_output_cb(): bogus returned buffer from "
+ "crypto\n"));
+ return (EINVAL);
+ }
s = spltdb();
@@ -1256,16 +1266,6 @@ ah_output_cb(void *op)
goto baddone;
}
- /* Shouldn't happen... */
- if (m == NULL) {
- FREE(tc, M_XDATA);
- ahstat.ahs_crypto++;
- DPRINTF(("ah_output_cb(): bogus returned buffer from "
- "crypto\n"));
- error = EINVAL;
- goto baddone;
- }
-
/*
* Copy original headers (with the new protocol number) back
* in place.
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 0f584b6ceea..828cec43360 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.81 2003/03/31 20:52:06 millert Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.82 2003/04/02 20:09:26 millert Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -471,7 +471,16 @@ esp_input_cb(void *op)
skip = tc->tc_skip;
protoff = tc->tc_protoff;
mtag = (struct m_tag *) tc->tc_ptr;
+
m = (struct mbuf *) crp->crp_buf;
+ if (m == NULL) {
+ /* Shouldn't happen... */
+ FREE(tc, M_XDATA);
+ crypto_freereq(crp);
+ espstat.esps_crypto++;
+ DPRINTF(("esp_input_cb(): bogus returned buffer from crypto\n"));
+ return (EINVAL);
+ }
s = spltdb();
@@ -502,15 +511,6 @@ esp_input_cb(void *op)
goto baddone;
}
- /* Shouldn't happen... */
- if (m == NULL) {
- FREE(tc, M_XDATA);
- espstat.esps_crypto++;
- DPRINTF(("esp_input_cb(): bogus returned buffer from crypto\n"));
- error = EINVAL;
- goto baddone;
- }
-
/* If authentication was performed, check now. */
if (esph != NULL) {
/*
@@ -537,7 +537,6 @@ esp_input_cb(void *op)
/* Remove trailing authenticator */
m_adj(m, -(esph->authsize));
}
-
FREE(tc, M_XDATA);
/* Replay window checking, if appropriate */
@@ -976,7 +975,18 @@ esp_output_cb(void *op)
int error, s;
tc = (struct tdb_crypto *) crp->crp_opaque;
+
m = (struct mbuf *) crp->crp_buf;
+ if (m == NULL) {
+ /* Shouldn't happen... */
+ FREE(tc, M_XDATA);
+ crypto_freereq(crp);
+ espstat.esps_crypto++;
+ DPRINTF(("esp_output_cb(): bogus returned buffer from "
+ "crypto\n"));
+ return (EINVAL);
+ }
+
s = spltdb();
@@ -1004,17 +1014,8 @@ esp_output_cb(void *op)
crp->crp_etype));
error = crp->crp_etype;
goto baddone;
- } else
- FREE(tc, M_XDATA);
-
- /* Shouldn't happen... */
- if (m == NULL) {
- espstat.esps_crypto++;
- DPRINTF(("esp_output_cb(): bogus returned buffer from "
- "crypto\n"));
- error = EINVAL;
- goto baddone;
}
+ FREE(tc, M_XDATA);
/* Release crypto descriptors. */
crypto_freereq(crp);
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c
index f3ce1e56988..9530b0efc0a 100644
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.13 2003/03/31 20:52:06 millert Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.14 2003/04/02 20:09:26 millert Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@@ -226,7 +226,16 @@ ipcomp_input_cb(op)
tc = (struct tdb_crypto *) crp->crp_opaque;
skip = tc->tc_skip;
protoff = tc->tc_protoff;
+
m = (struct mbuf *) crp->crp_buf;
+ if (m == NULL) {
+ /* Shouldn't happen... */
+ FREE(tc, M_XDATA);
+ crypto_freereq(crp);
+ ipcompstat.ipcomps_crypto++;
+ DPRINTF(("ipcomp_input_cb(): bogus returned buffer from crypto\n"));
+ return (EINVAL);
+ }
s = spltdb();
@@ -250,9 +259,8 @@ ipcomp_input_cb(op)
FREE(tc, M_XDATA);
pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb);
- splx(s);
- m_freem(m);
- return ENXIO;
+ error = ENXIO;
+ goto baddone;
}
/* Notify on soft expiration */
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
@@ -279,34 +287,25 @@ ipcomp_input_cb(op)
}
FREE(tc, M_XDATA);
- /* Shouldn't happen... */
- if (m == NULL) {
- ipcompstat.ipcomps_crypto++;
- DPRINTF(("ipcomp_input_cb(): bogus returned buffer from crypto\n"));
- error = EINVAL;
- goto baddone;
- }
- /* Release the crypto descriptors */
- crypto_freereq(crp);
-
/* Length of data after processing */
clen = crp->crp_olen;
/* In case it's not done already, adjust the size of the mbuf chain */
m->m_pkthdr.len = clen + hlen + skip;
- if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0)
+ if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0) {
+ error = ENOBUFS;
goto baddone;
+ }
/* Find the beginning of the IPCOMP header */
m1 = m_getptr(m, skip, &roff);
if (m1 == NULL) {
ipcompstat.ipcomps_hdrops++;
- splx(s);
DPRINTF(("ipcomp_input_cb(): bad mbuf chain, IPCA %s/%08x\n",
ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
- m_freem(m);
- return EINVAL;
+ error = EINVAL;
+ goto baddone;
}
/* Keep the next protocol field */
addr = (caddr_t) mtod(m, struct ip *) + skip;
@@ -349,6 +348,9 @@ ipcomp_input_cb(op)
m->m_pkthdr.len -= hlen;
}
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
/* Restore the Next Protocol field */
m_copyback(m, protoff, sizeof(u_int8_t), (u_int8_t *) & nproto);
@@ -362,6 +364,7 @@ baddone:
if (m)
m_freem(m);
+
crypto_freereq(crp);
return error;
@@ -627,10 +630,20 @@ ipcomp_output_cb(cp)
#endif
tc = (struct tdb_crypto *) crp->crp_opaque;
- m = (struct mbuf *) crp->crp_buf;
skip = tc->tc_skip;
rlen = crp->crp_ilen - skip;
+ m = (struct mbuf *) crp->crp_buf;
+ if (m == NULL) {
+ /* Shouldn't happen... */
+ FREE(tc, M_XDATA);
+ crypto_freereq(crp);
+ ipcompstat.ipcomps_crypto++;
+ DPRINTF(("ipcomp_output_cb(): bogus returned buffer from "
+ "crypto\n"));
+ return (EINVAL);
+ }
+
s = spltdb();
tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
@@ -638,6 +651,7 @@ ipcomp_output_cb(cp)
FREE(tc, M_XDATA);
ipcompstat.ipcomps_notdb++;
DPRINTF(("ipcomp_output_cb(): TDB expired while in crypto\n"));
+ error = EPERM;
goto baddone;
}
@@ -659,15 +673,6 @@ ipcomp_output_cb(cp)
}
FREE(tc, M_XDATA);
- /* Shouldn't happen... */
- if (m == NULL) {
- ipcompstat.ipcomps_crypto++;
- DPRINTF(("ipcomp_output_cb(): bogus returned buffer from "
- "crypto\n"));
- error = EINVAL;
- goto baddone;
- }
-
/* Check sizes. */
if (rlen < crp->crp_olen) {
/* Compression was useless, we have lost time. */
@@ -715,6 +720,7 @@ ipcomp_output_cb(cp)
baddone:
splx(s);
+
if (m)
m_freem(m);