Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec handle some unlikely IPv6 error case like every...

details:   https://anonhg.NetBSD.org/src/rev/9a9d18c58ac4
branches:  trunk
changeset: 762234:9a9d18c58ac4
user:      drochner <drochner%NetBSD.org@localhost>
date:      Thu Feb 17 20:20:18 2011 +0000

description:
handle some unlikely IPv6 error case like everywhere else:
free mbuf, inc statcounter. from OpenBSD
being here, fix a diagnostic output

diffstat:

 sys/netipsec/ipsec_input.c |  10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diffs (38 lines):

diff -r 8355ffc4a348 -r 9a9d18c58ac4 sys/netipsec/ipsec_input.c
--- a/sys/netipsec/ipsec_input.c        Thu Feb 17 19:58:34 2011 +0000
+++ b/sys/netipsec/ipsec_input.c        Thu Feb 17 20:20:18 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_input.c,v 1.24 2011/02/16 18:39:33 drochner Exp $        */
+/*     $NetBSD: ipsec_input.c,v 1.25 2011/02/17 20:20:18 drochner Exp $        */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $ */
 /*     $OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $        */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.24 2011/02/16 18:39:33 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.25 2011/02/17 20:20:18 drochner Exp $");
 
 /*
  * IPsec input processing.
@@ -477,6 +477,9 @@
 
        if (*offp < sizeof(struct ip6_hdr)) {
                DPRINTF(("ipsec6_common_input: bad offset %u\n", *offp));
+               IPSEC_ISTAT(proto, ESP_STAT_HDROPS, AH_STAT_HDROPS,
+                           IPCOMP_STAT_HDROPS);
+               m_freem(*mp);
                return IPPROTO_DONE;
        } else if (*offp == sizeof(struct ip6_hdr)) {
                protoff = offsetof(struct ip6_hdr, ip6_nxt);
@@ -492,7 +495,8 @@
                                l = (ip6e.ip6e_len + 2) << 2;
                        else
                                l = (ip6e.ip6e_len + 1) << 3;
-                       IPSEC_ASSERT(l > 0, ("ah6_input: l went zero or negative"));
+                       IPSEC_ASSERT(l > 0,
+                         ("ipsec6_common_input: l went zero or negative"));
                } while (protoff + l < *offp);
 
                /* Malformed packet check */
Home | Main Index | Thread Index | Old Index