From 0d36d7e12683cf89f8bfb0a3c24e527f2767103f Mon Sep 17 00:00:00 2001
From: tobhe
Date: Mon, 14 Dec 2020 20:20:07 +0000
Subject: Make sure that the address families of a flow's source address, destination address and their netmasks match, otherwise return EINVAL. ok bluhm@ patrick@
---
 sys/net/pfkeyv2_convert.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'sys/net/pfkeyv2_convert.c')
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 1d79e925c6c..f4fbf0f681b 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.69 2020/11/05 19:28:28 phessler Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.70 2020/12/14 20:20:06 tobhe Exp $ */
 /*
 * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
 *
@@ -422,7 +422,7 @@ export_lifetime(void **p, struct tdb *tdb, int type)
 * Import flow information to two struct sockaddr_encap's. Either
 * all or none of the address arguments are NULL.
 */
-void
+int
 import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 struct sadb_address *ssrc, struct sadb_address *ssrcmask,
 struct sadb_address *ddst, struct sadb_address *ddstmask,
@@ -435,7 +435,7 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 union sockaddr_union *dstmask = (union sockaddr_union *)(ddstmask + 1);
 if (ssrc == NULL)
- return; /* There wasn't any information to begin with. */
+ return 0; /* There wasn't any information to begin with. */
 bzero(flow, sizeof(*flow));
 bzero(flowmask, sizeof(*flowmask));
@@ -450,7 +450,7 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 if ((src->sa.sa_family != dst->sa.sa_family) ||
 (src->sa.sa_family != srcmask->sa.sa_family) ||
 (src->sa.sa_family != dstmask->sa.sa_family))
- return;
+ return EINVAL;
 /*
 * We set these as an indication that tdb_filter/tdb_filtermask are
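Review bot: The header comment above `import_flow` in the `@@ -422` hunk still documents only the arguments, although the function now reports failure through its return value. I would extend it with a sentence like `Returns 0 on success (including when no flow was supplied) or EINVAL if the address families of the addresses and masks differ.` The function body continues outside this hunk.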
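Review bot: In the `@@ -435` hunk only `ssrc` is tested before the early `return 0`, so the "all or none of the address arguments are NULL" rule from the header comment is left to the caller, while the family comparison later in the function reads through pointers that appear to be derived from all four arguments. Now that an error can be returned, a guard after the `ssrc` test such as `if (ssrcmask == NULL || ddst == NULL || ddstmask == NULL) return EINVAL;` would make a partially populated message fail cleanly. The function starts and ends outside this hunk and its callers are not shown, so an earlier check may already cover this; if so, a comment naming where the invariant is established would help.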
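Review bot: When the `@@ -450` hunk returns `EINVAL`, `flow` and `flowmask` have already been cleared by the `bzero()` calls visible in the previous hunk, so the outputs are modified even on failure. This page is limited to pfkeyv2_convert.c, so the prototype and call sites are not visible; each caller has to check the result and reject the request rather than carry on with the cleared flow. A short comment at the check, e.g. `/* flow and flowmask are already zeroed; callers must not use them on error */`, would record that. The enclosing function begins and ends outside this hunk.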
@@ -513,6 +513,8 @@ import_flow(struct sockaddr_encap *flow, struct sockaddr_encap *flowmask,
 break;
 #endif /* INET6 */
 }
+
+ return 0;
 }
 /*
--
cgit v1.2.3
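Review bot: The new `return 0;` in the `@@ -513` hunk is reached after what appears to be the closing brace of a `switch`, whichever case ran, and the hunk does not show a `default:` label. If there is none, an address family outside the handled cases would leave `flow`/`flowmask` only partly filled and still report success; with the new return type a `default: return EAFNOSUPPORT;` (or `EINVAL`, to match the family check above) would close that path. The switch begins outside this hunk, so this needs confirming against the full function.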