From df9c83489366e6518426547c5388edf5e374118a Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 31 Mar 2003 22:59:48 +0000 Subject: Protect tdb access w/ spltdb; Patrick Latifi Since bridgeintr_frame() is called at splsoftnet() this isn't a big deal but should still be fixed. jason@ OK. --- sys/net/if_bridge.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'sys/net') diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index df9b5011d4e..20def188a2c 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_bridge.c,v 1.113 2003/03/11 16:06:25 markus Exp $ */ +/* $OpenBSD: if_bridge.c,v 1.114 2003/03/31 22:59:47 millert Exp $ */ /* * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) @@ -2121,7 +2121,7 @@ bridge_ipsec(dir, af, hlen, m) struct tdb *tdb; u_int32_t spi; u_int16_t cpi; - int error, off; + int error, off, s; u_int8_t proto = 0; #ifdef INET struct ip *ip; @@ -2207,6 +2207,8 @@ bridge_ipsec(dir, af, hlen, m) if (proto == 0) goto skiplookup; + s = spltdb(); + tdb = gettdb(spi, &dst, proto); if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && tdb->tdb_xform != NULL) { @@ -2246,10 +2248,12 @@ bridge_ipsec(dir, af, hlen, m) } (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); + splx(s); return (1); } else { skiplookup: /* XXX do an input policy lookup */ + splx(s); return (0); } } else { /* Outgoing from the bridge. */ -- cgit v1.2.3
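Review bot: The `proto == 0` path reaches `splx(s)` with `s` never assigned: the `goto skiplookup` in the hunk at -2207 sits above the new `s = spltdb();`, while the `skiplookup:` label in the hunk at -2246 now runs straight into the added `splx(s);`. That passes an indeterminate stack value to splx(), which could leave the priority level below the splsoftnet() the caller runs at, the opposite of what the change intends. Raising the level before the check keeps every path paired: move `s = spltdb();` above `if (proto == 0)`. The lines between those two hunks are not shown, so any early return or further `goto skiplookup` there would need the same pairing. The body of bridge_ipsec begins and ends outside these hunks.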