Subject: panic: ipsec4_splithdr: first mbuf too short
To: None <tech-net@netbsd.org>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-net
Date: 06/15/2006 08:31:12
Hi
I experienced this unpleasant panic. I wonder if this issue is caused
by some kernel data inconsistency (which means that the panic is legitimate),
or by a bogus packet (which means we should only issue a warning and drop
the packet).
Here is a patch that goes the secondway, but I'm not sure it is ok to
commit it. Opinions?
Index: ipsec.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/ipsec.c,v
retrieving revision 1.101
diff -U2 -r1.101 ipsec.c
--- ipsec.c 9 Mar 2005 14:17:13 -0000 1.101
+++ ipsec.c 15 Jun 2006 08:25:57 -0000
@@ -3224,6 +3224,10 @@
int hlen;
- if (m->m_len < sizeof(struct ip))
- panic("ipsec4_splithdr: first mbuf too short");
+ if (m->m_len < sizeof(struct ip)) {
+ printf("ipsec4_splithdr: first mbuf too short");
+ m_freem(m);
+ return NULL;
+ }
+
ip = mtod(m, struct ip *);
hlen = ip->ip_hl << 2;
--
Emmanuel Dreyfus
manu@netbsd.org