From 38337fe98e2a5a1572bfde15d51eed349980302e Mon Sep 17 00:00:00 2001 From: Jun-ichiro itojun Hagino Date: Wed, 31 Jul 2002 00:13:38 +0000 Subject: fix potential NULL pointer deref. From: tedu --- sys/net/pfkeyv2.c | 22 +++++++++------------- sys/netiso/if_eon.c | 4 ++-- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index b0d468237de..30655fcbb0d 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.83 2002/06/07 04:47:06 ho Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.84 2002/07/31 00:13:36 itojun Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -1631,11 +1631,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len) MALLOC(ipo->ipo_srcid, struct ipsec_ref *, clen + sizeof(struct ipsec_ref), M_CREDENTIALS, M_DONTWAIT); - ipo->ipo_srcid->ref_type = sid->sadb_ident_type; - ipo->ipo_srcid->ref_len = clen; - ipo->ipo_srcid->ref_count = 1; - ipo->ipo_srcid->ref_malloctype = M_CREDENTIALS; - if (ipo->ipo_srcid == NULL) { if (exists) @@ -1646,7 +1641,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len) rval = ENOBUFS; goto ret; } - + ipo->ipo_srcid->ref_type = sid->sadb_ident_type; + ipo->ipo_srcid->ref_len = clen; + ipo->ipo_srcid->ref_count = 1; + ipo->ipo_srcid->ref_malloctype = M_CREDENTIALS; bcopy(sid + 1, ipo->ipo_srcid + 1, ipo->ipo_srcid->ref_len); } @@ -1657,11 +1655,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len) MALLOC(ipo->ipo_dstid, struct ipsec_ref *, clen + sizeof(struct ipsec_ref), M_CREDENTIALS, M_DONTWAIT); - ipo->ipo_dstid->ref_type = sid->sadb_ident_type; - ipo->ipo_dstid->ref_len = clen; - ipo->ipo_dstid->ref_count = 1; - ipo->ipo_dstid->ref_malloctype = M_CREDENTIALS; - if (ipo->ipo_dstid == NULL) { if (exists) @@ -1677,7 +1670,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len) rval = ENOBUFS; goto ret; } - + ipo->ipo_dstid->ref_type = sid->sadb_ident_type; + ipo->ipo_dstid->ref_len = clen; + ipo->ipo_dstid->ref_count = 1; + ipo->ipo_dstid->ref_malloctype = M_CREDENTIALS; bcopy(sid + 1, ipo->ipo_dstid + 1, ipo->ipo_dstid->ref_len); } diff --git a/sys/netiso/if_eon.c b/sys/netiso/if_eon.c index 7d1bcf79aad..c01712b8f41 100644 --- a/sys/netiso/if_eon.c +++ b/sys/netiso/if_eon.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_eon.c,v 1.15 2002/03/26 19:12:56 niklas Exp $ */ +/* $OpenBSD: if_eon.c,v 1.16 2002/07/31 00:13:37 itojun Exp $ */ /* $NetBSD: if_eon.c,v 1.15 1996/05/09 22:29:37 scottr Exp $ */ /*- @@ -305,7 +305,7 @@ eonrtrequest(cmd, rt, info) el->el_rt = rt; break; } - if (info || (gate = info->rti_info[RTAX_GATEWAY])) /*XXX*/ + if (info && (gate = info->rti_info[RTAX_GATEWAY])) /*XXX*/ switch (gate->sa_family) { case AF_LINK: #define SDL(x) ((struct sockaddr_dl *)x) -- cgit v1.2.3