From 567c88d37fa253ca4bc192efb03c3cfce0a52669 Mon Sep 17 00:00:00 2001
From: Niels Provos
Date: Sat, 1 Aug 1998 08:35:13 +0000
Subject: more careful error handling, some simplification and beautification.

---
 sys/netinet/ip_esp_new.c | 44 ++++++++++----------------------------------
 sys/netinet/ip_output.c  | 23 +++++++++++++++--------
 2 files changed, 25 insertions(+), 42 deletions(-)
(limited to 'sys')

diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index 6d6fc4a7a14..4990064093e 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.23 1998/07/30 08:41:20 provos Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.24 1998/08/01 08:35:12 provos Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -502,7 +502,6 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
     }
 
     esp = (struct esp_new *) ((u_int8_t *) ip + (ip->ip_hl << 2));
-    ipo = *ip;
 
     /* Replay window checking */
@@ -549,46 +548,23 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
     {
         bcopy(&(xd->edx_ictx), &ctx, xd->edx_hash->ctxsize);
 
-        /* Auth covers SPI + SN + IV*/
+        /* Auth covers SPI + SN + IV */
         oplen = plen + 2 * sizeof(u_int32_t) + xd->edx_ivlen;
         off = (ip->ip_hl << 2);
 
+        /* Copy the authentication data */
+        m_copydata(m, m->m_pkthdr.len - alen, alen, buf);
+
         mo = m;
+
         while (oplen > 0)
         {
             if (mo == 0)
               panic("esp_new_input(): m_copydata (copy)");
 
             count = min(mo->m_len - off, oplen);
-
             xd->edx_hash->Update(&ctx, mtod(mo, unsigned char *) + off, count);
             oplen -= count;
-            if (oplen == 0)
-            {
-                /* Get the authentication data */
-                if (mo->m_len - off - count >= alen)
-                  bcopy(mtod(mo, unsigned char *) + off + count, buf, alen);
-                else
-                {
-                    int olen = alen, tmp = 0;
-
-                    mi = mo;
-                    off += count;
-
-                    while (mi != NULL && olen > 0)
-                    {
-                        count = min(mi->m_len - off, olen);
-                        bcopy(mtod(mi, unsigned char *) + off, buf + tmp,
-                              count);
-
-                        off = 0;
-                        tmp += count;
-                        olen -= count;
-                        mi = mi->m_next;
-                    }
-                }
-            }
-
             off = 0;
             mo = mo->m_next;
         }
@@ -690,7 +666,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
 xd->edx_xform->decrypt(xd, blk); - for (i=0; iedx_xform->decrypt(xd, idat); - for (i=0; iedx_xform->encrypt(xd, blk);
@@ -1075,7 +1051,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
         while (ilen >= blks && plen > 0)
         {
-            for (i=0; iedx_xform->encrypt(xd, idat);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index e5b058bd4ce..96d1b8038b8 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.34 1998/07/29 22:18:48 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.35 1998/08/01 08:35:11 provos Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
 
 /*
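Review bot: The new `m_copydata(m, m->m_pkthdr.len - alen, alen, buf)` is only safe if the packet is already known to be at least alen bytes longer than the headers and IV being hashed; on a shorter packet the offset goes negative and m_copydata would panic rather than let esp_new_input return an error, so a malformed ESP packet could bring the kernel down instead of being dropped. Whatever minimum-length check exists is earlier in esp_new_input, outside this hunk, so a comment at the copy such as `/* total length >= hdr + SPI + SN + IV + alen was verified above */` would make the dependency visible, and if no such check exists one is needed before this line. With the in-loop copy removed, `mi` (and `ipo`, whose assignment the -502 hunk drops) may now be unreferenced in esp_new_input and worth deleting if nothing else uses them. esp_new_input continues outside the hunk on both sides.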
@@ -237,7 +237,8 @@ ip_output(m0, va_alist)
             if (encdebug)
               printf("ip_output(): no gw or gw data not IPSP\n");
 #endif /* ENCDEBUG */
-            RTFREE(re->re_rt);
+            if (re->re_rt)
+              RTFREE(re->re_rt);
             error = EHOSTUNREACH;
             goto bad;
         }
@@ -289,12 +290,16 @@ ip_output(m0, va_alist)
         if (sa_require & ~sa_have)
           goto no_encap;
 
+        if (tdb == NULL) {
 #ifdef ENCDEBUG
-        if (encdebug && (tdb == NULL))
-          printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n",
-                 ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst,
-                 gw->sen_ipsp_sproto);
-#endif ENCDEBUG
+            if (encdebug)
+              printf("ip_output(): non-existant TDB for SA %08x/%x/%d\n", ntohl(gw->sen_ipsp_spi), gw->sen_ipsp_dst, gw->sen_ipsp_sproto);
+#endif
+            if (re->re_rt)
+              RTFREE(re->re_rt);
+            error = EHOSTUNREACH;
+            goto bad;
+        }
 
         /* Fix the ip_src field if necessary */
         if (ip->ip_src.s_addr == INADDR_ANY) {
@@ -481,9 +486,11 @@ expbail:
         error = (*(tdb->tdb_xform->xf_output))(m, gw, tdb, &mp);
 
-        if (mp == NULL)
+        if (!error && mp == NULL)
           error = EFAULT;
 
         if (error) {
+            if (mp != NULL)
+              m_freem(mp);
             RTFREE(re->re_rt);
             return error;
         }
-- 
cgit v1.2.3
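Review bot: The unbraced `if (re->re_rt)` wrapped around `RTFREE(re->re_rt)` is fragile, because RTFREE is, as far as I can tell from the route.h of this era, itself an unbraced if/else macro, so the expansion relies on dangling-else binding to stay correct. Bracing the guarded body, `if (re->re_rt) { RTFREE(re->re_rt); }`, removes that dependency here and in the identical construct added in the -289 hunk. ip_output continues outside the hunk on both sides.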
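Review bot: The new ENCDEBUG block in the -289 hunk closes with a bare `#endif`, while the block in the -237 hunk of the same function reads `#endif /* ENCDEBUG */`; now that the invalid trailing `ENCDEBUG` token is gone, matching the commented form keeps the two blocks consistent. The printf on the new side was also joined into one long line; splitting its arguments across continuation lines, as the removed version did, keeps it within the file's line width. ip_output continues outside the hunk on both sides.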
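Review bot: The `RTFREE(re->re_rt)` in the -481 hunk's error path stays unguarded, while the -237 and -289 hunks of this same commit add `if (re->re_rt)` before the same call; if the route can be NULL on those earlier paths it is worth confirming it cannot be NULL here, or guarding it the same way. The added `m_freem(mp)` also assumes that when xf_output fails with mp set, mp is a chain distinct from m that ip_output now owns; if a transform can fail after returning m itself through mp, this path would leave the caller holding a freed chain, so the ownership rule deserves a comment such as `/* on error xf_output may hand back a partial chain in mp; we own and free it */`. ip_output continues outside the hunk on both sides.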