[src/trunk]: src/sys/netipsec Add missing NULL check. Normally that's not tri...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/93a8f7764f74
branches:  trunk
changeset: 829279:93a8f7764f74
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Jan 24 13:54:16 2018 +0000

description:
Add missing NULL check. Normally that's not triggerable remotely, since we
are guaranteed that 8 bytes are valid at mbuf+skip.

diffstat:

 sys/netipsec/xform_esp.c |  8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diffs (29 lines):

diff -r 5575cf54eab1 -r 93a8f7764f74 sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c  Wed Jan 24 13:52:47 2018 +0000
+++ b/sys/netipsec/xform_esp.c  Wed Jan 24 13:54:16 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_esp.c,v 1.72 2017/10/03 08:56:52 ozaki-r Exp $   */
+/*     $NetBSD: xform_esp.c,v 1.73 2018/01/24 13:54:16 maxv Exp $      */
 /*     $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $  */
 /*     $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.72 2017/10/03 08:56:52 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.73 2018/01/24 13:54:16 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -322,6 +322,10 @@
 
        /* XXX don't pullup, just copy header */
        IP6_EXTHDR_GET(esp, struct newesp *, m, skip, sizeof(struct newesp));
+       if (esp == NULL) {
+               /* m already freed */
+               return EINVAL;
+       }
 
        esph = sav->tdb_authalgxform;
        espx = sav->tdb_encalgxform;