> Module Name:	src
> Committed By:	itojun
> Date:		Mon May 31 09:20:38 UTC 2004
> 
> Modified Files:
> 	src/sys/netkey: keysock.c
> 
> Log Message:
> need to fix kp_queue better...

- i think that kp_queue should be null-out when we pull the chain from it.
- still leaks mbufs in the cases of ENOBUF?

YAMAMOTO Takashi

Index: keysock.c
===================================================================
RCS file: /cvsroot/src/sys/netkey/keysock.c,v
retrieving revision 1.33
diff -u -p -r1.33 keysock.c
--- keysock.c	31 May 2004 09:20:38 -0000	1.33
+++ keysock.c	31 May 2004 11:18:13 -0000
@@ -232,16 +232,17 @@ key_sendup0(rp, m, promisc, canwait)
 
 	if (canwait) {
 		if (kp->kp_queue) {
-			for (n = kp->kp_queue; n && n->m_nextpkt;
-			    n = n->m_nextpkt)
+			for (n = kp->kp_queue; n->m_nextpkt; n = n->m_nextpkt)
 				;
 			n->m_nextpkt = m;
 			m = kp->kp_queue;
+			kp->kp_queue = NULL;
 		} else
 			m->m_nextpkt = NULL;	/* just for safety */
 	} else
 		m->m_nextpkt = NULL;	/* just for safety */
 
+	n = NULL;
 	for (; m && error == 0; m = n) {
 		n = m->m_nextpkt;
 
@@ -253,7 +254,8 @@ key_sendup0(rp, m, promisc, canwait)
 				m = m_pullup(m, sizeof(struct sadb_msg));
 			if (!m) {
 				pfkeystat.in_nomem++;
-				return ENOBUFS;
+				error = ENOBUFS;
+				break;
 			}
 			m->m_pkthdr.len += sizeof(*pmsg);
 
@@ -270,6 +272,7 @@ key_sendup0(rp, m, promisc, canwait)
 		if (canwait &&
 		    sbspace(&rp->rcb_socket->so_rcv) < m->m_pkthdr.len) {
 			error = EAGAIN;
+			KASSERT(kp->kp_queue == NULL);
 			kp->kp_queue = m;
 			m->m_nextpkt = n;
 			break;
@@ -282,9 +285,14 @@ key_sendup0(rp, m, promisc, canwait)
 			pfkeystat.in_nomem++;
 			m_freem(m);
 			error = ENOBUFS;
-		} else
-			error = 0;
+		}
 	}
+
+	for (m = n; m; m = n) {
+		n = m->m_nextpkt;
+		m_freem(m);
+	}
+
 	return error;
 }