o sanity check mbuf earlier.

o return errno, not NULL.
o add some missing error values
o proper crypto_freereq() in ip_ipcomp.c
From Patrick Latifi; OK angelos@

3 files changed, 78 insertions, 71 deletions

diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index 9f8d0907f94..09df206fc98 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ah.c,v 1.73 2003/03/31 20:52:06 millert Exp $ */
+/*	$OpenBSD: ip_ah.c,v 1.74 2003/04/02 20:09:26 millert Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -704,7 +704,17 @@ ah_input_cb(void *op)
 	skip = tc->tc_skip;
 	protoff = tc->tc_protoff;
 	mtag = (struct m_tag *) tc->tc_ptr;
+
 	m = (struct mbuf *) crp->crp_buf;
+	if (m == NULL) {
+		/* Shouldn't happen... */
+		FREE(tc, M_XDATA);
+		crypto_freereq(crp);
+		ahstat.ahs_crypto++;
+		DPRINTF(("ah_input_cb(): bogus returned buffer from "
+		    "crypto\n"));
+		return (EINVAL);
+	}
 
 	s = spltdb();
 
@@ -738,16 +748,6 @@ ah_input_cb(void *op)
 		crp = NULL;
 	}
 
-	/* Shouldn't happen... */
-	if (m == NULL) {
-		FREE(tc, M_XDATA);
-		ahstat.ahs_crypto++;
-		DPRINTF(("ah_input_cb(): bogus returned buffer from "
-		    "crypto\n"));
-		error = EINVAL;
-		goto baddone;
-	}
-
 	if (!(tdb->tdb_flags & TDBF_NOREPLAY))
 		rplen = AH_FLENGTH + sizeof(u_int32_t);
 	else
@@ -969,7 +969,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip,
 		    ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
 		m_freem(m);
 		ahstat.ahs_wrap++;
-		return NULL;
+		return EINVAL;
 	}
 
 	if (!(tdb->tdb_flags & TDBF_NOREPLAY))
@@ -1227,7 +1227,17 @@ ah_output_cb(void *op)
 	skip = tc->tc_skip;
 	protoff = tc->tc_protoff;
 	ptr = (caddr_t) (tc + 1);
+
 	m = (struct mbuf *) crp->crp_buf;
+	if (m == NULL) {
+		/* Shouldn't happen... */
+		FREE(tc, M_XDATA);
+		crypto_freereq(crp);
+		ahstat.ahs_crypto++;
+		DPRINTF(("ah_output_cb(): bogus returned buffer from "
+		    "crypto\n"));
+		return (EINVAL);
+	}
 
 	s = spltdb();
 
@@ -1256,16 +1266,6 @@ ah_output_cb(void *op)
 		goto baddone;
 	}
 
-	/* Shouldn't happen... */
-	if (m == NULL) {
-		FREE(tc, M_XDATA);
-		ahstat.ahs_crypto++;
-		DPRINTF(("ah_output_cb(): bogus returned buffer from "
-		    "crypto\n"));
-		error = EINVAL;
-		goto baddone;
-	}
-
 	/*
 	 * Copy original headers (with the new protocol number) back
 	 * in place.
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 0f584b6ceea..828cec43360 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_esp.c,v 1.81 2003/03/31 20:52:06 millert Exp $ */
+/*	$OpenBSD: ip_esp.c,v 1.82 2003/04/02 20:09:26 millert Exp $ */
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -471,7 +471,16 @@ esp_input_cb(void *op)
 	skip = tc->tc_skip;
 	protoff = tc->tc_protoff;
 	mtag = (struct m_tag *) tc->tc_ptr;
+
 	m = (struct mbuf *) crp->crp_buf;
+	if (m == NULL) {
+		/* Shouldn't happen... */
+		FREE(tc, M_XDATA);
+		crypto_freereq(crp);
+		espstat.esps_crypto++;
+		DPRINTF(("esp_input_cb(): bogus returned buffer from crypto\n"));
+		return (EINVAL);
+	}
 
 	s = spltdb();
 
@@ -502,15 +511,6 @@ esp_input_cb(void *op)
 		goto baddone;
 	}
 
-	/* Shouldn't happen... */
-	if (m == NULL) {
-		FREE(tc, M_XDATA);
-		espstat.esps_crypto++;
-		DPRINTF(("esp_input_cb(): bogus returned buffer from crypto\n"));
-		error = EINVAL;
-		goto baddone;
-	}
-
 	/* If authentication was performed, check now. */
 	if (esph != NULL) {
 		/*
@@ -537,7 +537,6 @@ esp_input_cb(void *op)
 		/* Remove trailing authenticator */
 		m_adj(m, -(esph->authsize));
 	}
-
 	FREE(tc, M_XDATA);
 
 	/* Replay window checking, if appropriate */
@@ -976,7 +975,18 @@ esp_output_cb(void *op)
 	int error, s;
 
 	tc = (struct tdb_crypto *) crp->crp_opaque;
+
 	m = (struct mbuf *) crp->crp_buf;
+	if (m == NULL) {
+		/* Shouldn't happen... */
+		FREE(tc, M_XDATA);
+		crypto_freereq(crp);
+		espstat.esps_crypto++;
+		DPRINTF(("esp_output_cb(): bogus returned buffer from "
+		    "crypto\n"));
+		return (EINVAL);
+	}
+
 
 	s = spltdb();
 
@@ -1004,17 +1014,8 @@ esp_output_cb(void *op)
 		    crp->crp_etype));
 		error = crp->crp_etype;
 		goto baddone;
-	} else
-		FREE(tc, M_XDATA);
-
-	/* Shouldn't happen... */
-	if (m == NULL) {
-		espstat.esps_crypto++;
-		DPRINTF(("esp_output_cb(): bogus returned buffer from "
-		    "crypto\n"));
-		error = EINVAL;
-		goto baddone;
 	}
+	FREE(tc, M_XDATA);
 
 	/* Release crypto descriptors. */
 	crypto_freereq(crp);
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c
index f3ce1e56988..9530b0efc0a 100644
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.13 2003/03/31 20:52:06 millert Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.14 2003/04/02 20:09:26 millert Exp $ */
 
 /*
  * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@@ -226,7 +226,16 @@ ipcomp_input_cb(op)
 	tc = (struct tdb_crypto *) crp->crp_opaque;
 	skip = tc->tc_skip;
 	protoff = tc->tc_protoff;
+
 	m = (struct mbuf *) crp->crp_buf;
+	if (m == NULL) {
+		/* Shouldn't happen... */
+		FREE(tc, M_XDATA);
+		crypto_freereq(crp);
+		ipcompstat.ipcomps_crypto++;
+		DPRINTF(("ipcomp_input_cb(): bogus returned buffer from crypto\n"));
+		return (EINVAL);
+	}
 
 	s = spltdb();
 
@@ -250,9 +259,8 @@ ipcomp_input_cb(op)
 		FREE(tc, M_XDATA);
 		pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
 		tdb_delete(tdb);
-		splx(s);
-		m_freem(m);
-		return ENXIO;
+		error = ENXIO;
+		goto baddone;
 	}
 	/* Notify on soft expiration */
 	if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
@@ -279,34 +287,25 @@ ipcomp_input_cb(op)
 	}
 	FREE(tc, M_XDATA);
 
-	/* Shouldn't happen... */
-	if (m == NULL) {
-		ipcompstat.ipcomps_crypto++;
-		DPRINTF(("ipcomp_input_cb(): bogus returned buffer from crypto\n"));
-		error = EINVAL;
-		goto baddone;
-	}
-	/* Release the crypto descriptors */
-	crypto_freereq(crp);
-
 	/* Length of data after processing */
 	clen = crp->crp_olen;
 
 	/* In case it's not done already, adjust the size of the mbuf chain */
 	m->m_pkthdr.len = clen + hlen + skip;
 
-	if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0)
+	if ((m->m_len < skip + hlen) && (m = m_pullup(m, skip + hlen)) == 0) {
+		error = ENOBUFS;
 		goto baddone;
+	}
 
 	/* Find the beginning of the IPCOMP header */
 	m1 = m_getptr(m, skip, &roff);
 	if (m1 == NULL) {
 		ipcompstat.ipcomps_hdrops++;
-		splx(s);
 		DPRINTF(("ipcomp_input_cb(): bad mbuf chain, IPCA %s/%08x\n",
 		    ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi)));
-		m_freem(m);
-		return EINVAL;
+		error = EINVAL;
+		goto baddone;
 	}
 	/* Keep the next protocol field */
 	addr = (caddr_t) mtod(m, struct ip *) + skip;
@@ -349,6 +348,9 @@ ipcomp_input_cb(op)
 		m->m_pkthdr.len -= hlen;
 	}
 
+	/* Release the crypto descriptors */
+	crypto_freereq(crp);
+
 	/* Restore the Next Protocol field */
 	m_copyback(m, protoff, sizeof(u_int8_t), (u_int8_t *) & nproto);
 
@@ -362,6 +364,7 @@ baddone:
 
 	if (m)
 		m_freem(m);
+
 	crypto_freereq(crp);
 
 	return error;
@@ -627,10 +630,20 @@ ipcomp_output_cb(cp)
 #endif
 
 	tc = (struct tdb_crypto *) crp->crp_opaque;
-	m = (struct mbuf *) crp->crp_buf;
 	skip = tc->tc_skip;
 	rlen = crp->crp_ilen - skip;
 
+	m = (struct mbuf *) crp->crp_buf;
+	if (m == NULL) {
+		/* Shouldn't happen... */
+		FREE(tc, M_XDATA);
+		crypto_freereq(crp);
+		ipcompstat.ipcomps_crypto++;
+		DPRINTF(("ipcomp_output_cb(): bogus returned buffer from "
+		    "crypto\n"));
+		return (EINVAL);
+	}
+
 	s = spltdb();
 
 	tdb = gettdb(tc->tc_spi, &tc->tc_dst, tc->tc_proto);
@@ -638,6 +651,7 @@ ipcomp_output_cb(cp)
 		FREE(tc, M_XDATA);
 		ipcompstat.ipcomps_notdb++;
 		DPRINTF(("ipcomp_output_cb(): TDB expired while in crypto\n"));
+		error = EPERM;
 		goto baddone;
 	}
 
@@ -659,15 +673,6 @@ ipcomp_output_cb(cp)
 	}
 	FREE(tc, M_XDATA);
 
-	/* Shouldn't happen... */
-	if (m == NULL) {
-		ipcompstat.ipcomps_crypto++;
-		DPRINTF(("ipcomp_output_cb(): bogus returned buffer from "
-		    "crypto\n"));
-		error = EINVAL;
-		goto baddone;
-	}
-
 	/* Check sizes. */
 	if (rlen < crp->crp_olen) {
 		/* Compression was useless, we have lost time. */
@@ -715,6 +720,7 @@ ipcomp_output_cb(cp)
 
 baddone:
 	splx(s);
+
 	if (m)
 		m_freem(m);