From 4b89c162e059c9135660a361991f00bb48a76a58 Mon Sep 17 00:00:00 2001
From: "Angelos D. Keromytis" <angelos@cvs.openbsd.org>
Date: Sun, 26 Dec 1999 20:46:14 +0000
Subject: Correctly initialize loop variables when not doing authentication
 with ESP (bug reported by provos@)

---
 sys/netinet/ip_esp_new.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index f65799d8751..7c0d9d7e570 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_esp_new.c,v 1.55 1999/12/09 20:22:03 angelos Exp $	*/
+/*	$OpenBSD: ip_esp_new.c,v 1.56 1999/12/26 20:46:13 angelos Exp $	*/
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -339,6 +339,20 @@ esp_new_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
 	tdb->tdb_flags &= ~TDBF_SOFT_BYTES;       /* Turn off checking */
     }
 
+    /* 
+     * Skip forward to the beginning of the ESP header. If we run out
+     * of mbufs in the process, the check inside the following while()
+     * loop will catch it.
+     */
+    for (mo = m, i = 0; mo && i + mo->m_len <= skip; mo = mo->m_next)
+      i += mo->m_len;
+
+    off = skip - i;
+
+    /* Preserve these for later processing */
+    roff = off;
+    m1 = mo;
+
     /* Verify the authenticator */
     if (esph)
     {
@@ -347,20 +361,6 @@ esp_new_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
 	/* Copy the authentication data */
 	m_copydata(m, m->m_pkthdr.len - alen, alen, iv);
 
-	/* 
-	 * Skip forward to the beginning of the ESP header. If we run out
-	 * of mbufs in the process, the check inside the following while()
-	 * loop will catch it.
-	 */
-	for (mo = m, i = 0; mo && i + mo->m_len <= skip; mo = mo->m_next)
-	  i += mo->m_len;
-
-	off = skip - i;
-
-	/* Preserve these for later processing */
-	roff = off;
-	m1 = mo;
-
 	while (oplen > 0)
 	{
 	    if (mo == NULL)
-- 
cgit v1.2.3