Subject: kern/36800: spl-level not resotred on error in ip_input.
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
List: netbsd-bugs
Date: 08/17/2007 11:35:01
>Number: 36800
>Category: kern
>Synopsis: spl-level not resotred on error in ip_input.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Aug 17 11:35:01 +0000 2007
>Originator: Wolfgang Stukenbrock
>Release: NetBSD 3.1
>Organization:
Dr. Nagler & Company GmbH
>Environment:
System: NetBSD test-s0 3.1 NetBSD 3.1 (test-s0) #0: Tue Apr 3 11:33:43 CEST 2007 root@test-s0:/usr/src/sys/arch/i386/compile/test-s0 i386
Architecture: i386
Machine: i386
>Description:
If no policy is found while checking the packet in FAST_IPSEC mode, the spl-level
will not be restored - it will stay at splsoftnet().
ThIf no policy is found while checking the packet in FAST_IPSEC mode, the spl-level
will not be restored - it will stay at splsoftnet().
The bug is located in /usr/src/sys/netinet/ip_input.c around line 1008.
>How-To-Repeat:
not relevant
>Fix:
*** ip_input.c 2007/08/17 11:26:09 1.1
--- ip_input.c 2007/08/17 11:27:15
***************
*** 1005,1011 ****
/* XXX error stat??? */
error = EINVAL;
DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/
- goto bad;
}
splx(s);
if (error)
--- 1005,1010 ----
>Unformatted: