[src/trunk]: src/sys/netipsec Let key_getsavbyspi take a reference of a retur...
details: https://anonhg.NetBSD.org/src/rev/4500119bfca9
branches: trunk
changeset: 355051:4500119bfca9
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Tue Jul 11 04:55:39 2017 +0000
description:
Let key_getsavbyspi take a reference of a returning sav
diffstat:
sys/netipsec/key.c | 63 ++++++++++++++++++++++++++++++++++++------------------
1 files changed, 42 insertions(+), 21 deletions(-)
diffs (208 lines):
diff -r d67a6b68449a -r 4500119bfca9 sys/netipsec/key.c
--- a/sys/netipsec/key.c Tue Jul 11 04:50:59 2017 +0000
+++ b/sys/netipsec/key.c Tue Jul 11 04:55:39 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.173 2017/07/11 04:50:59 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.174 2017/07/11 04:55:39 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.173 2017/07/11 04:50:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.174 2017/07/11 04:55:39 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -427,7 +427,7 @@
key_newsav(m, sadb, e, __func__, __LINE__)
static void key_delsav (struct secasvar *);
static struct secashead *key_getsah(const struct secasindex *, int);
-static struct secasvar *key_checkspidup (const struct secasindex *, u_int32_t);
+static bool key_checkspidup(const struct secasindex *, u_int32_t);
static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t);
static int key_setsaval (struct secasvar *, struct mbuf *,
const struct sadb_msghdr *);
@@ -3033,7 +3033,7 @@
* NULL : not found
* others : found, pointer to a SA.
*/
-static struct secasvar *
+static bool
key_checkspidup(const struct secasindex *saidx, u_int32_t spi)
{
struct secashead *sah;
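Review bot: The comment block directly above key_checkspidup still documents the old pointer result (`NULL : not found` / `others : found, pointer to a SA.`), but the function now returns `bool`. It should be updated to something like `false : not found` / `true : an SA with this SPI already exists`, so a reader does not expect a pointer they would have to release. The function body continues outside this hunk.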
@@ -3042,7 +3042,7 @@
/* check address family */
if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
IPSECLOG(LOG_DEBUG, "address family mismatched.\n");
- return NULL;
+ return false;
}
/* check all SAD */
@@ -3050,11 +3050,13 @@
if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
continue;
sav = key_getsavbyspi(sah, spi);
- if (sav != NULL)
- return sav;
- }
-
- return NULL;
+ if (sav != NULL) {
+ KEY_FREESAV(&sav);
+ return true;
+ }
+ }
+
+ return false;
}
/*
@@ -3081,8 +3083,10 @@
continue;
}
- if (sav->spi == spi)
+ if (sav->spi == spi) {
+ SA_ADDREF(sav);
return sav;
+ }
}
}
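Review bot: key_getsavbyspi now hands back the SA with an extra reference from `SA_ADDREF(sav)`, but nothing in the visible lines documents that ownership contract. Every caller has to pair the lookup with `KEY_FREESAV(&sav)` on each exit path, and a missed release would keep the SA alive indefinitely. I would add to the function's header comment: `/* On success the returned SA holds a reference; the caller must release it with KEY_FREESAV(). */`. The function starts and ends outside this hunk, so it cannot be judged from here whether the list walk is protected against a concurrent free before the reference is taken.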
@@ -4995,7 +4999,7 @@
}
if (spmin == spmax) {
- if (key_checkspidup(saidx, htonl(spmin)) != NULL) {
+ if (key_checkspidup(saidx, htonl(spmin))) {
IPSECLOG(LOG_DEBUG, "SPI %u exists already.\n", spmin);
return 0;
}
@@ -5013,7 +5017,7 @@
/* generate pseudo-random SPI value ranged. */
newspi = spmin + (key_random() % (spmax - spmin + 1));
- if (key_checkspidup(saidx, htonl(newspi)) == NULL)
+ if (!key_checkspidup(saidx, htonl(newspi)))
break;
}
@@ -5265,20 +5269,23 @@
if (sav->sah->saidx.proto != proto) {
IPSECLOG(LOG_DEBUG, "protocol mismatched (DB=%u param=%u)\n",
sav->sah->saidx.proto, proto);
- return key_senderror(so, m, EINVAL);
+ error = EINVAL;
+ goto error;
}
#ifdef IPSEC_DOSEQCHECK
if (sav->spi != sa0->sadb_sa_spi) {
IPSECLOG(LOG_DEBUG, "SPI mismatched (DB:%u param:%u)\n",
(u_int32_t)ntohl(sav->spi),
(u_int32_t)ntohl(sa0->sadb_sa_spi));
- return key_senderror(so, m, EINVAL);
+ error = EINVAL;
+ goto error;
}
#endif
if (sav->pid != mhp->msg->sadb_msg_pid) {
IPSECLOG(LOG_DEBUG, "pid mismatched (DB:%u param:%u)\n",
sav->pid, mhp->msg->sadb_msg_pid);
- return key_senderror(so, m, EINVAL);
+ error = EINVAL;
+ goto error;
}
/*
@@ -5297,19 +5304,19 @@
error = key_setsaval(newsav, m, mhp);
if (error) {
key_delsav(newsav);
- return key_senderror(so, m, error);
+ goto error;
}
error = key_handle_natt_info(newsav, mhp);
if (error != 0) {
key_delsav(newsav);
- return key_senderror(so, m, error);
+ goto error;
}
error = key_init_xform(newsav);
if (error != 0) {
key_delsav(newsav);
- return key_senderror(so, m, error);
+ goto error;
}
/* add to satree */
@@ -5320,6 +5327,7 @@
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
KEY_FREESAV(&sav);
+ KEY_FREESAV(&sav);
{
struct mbuf *n;
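Review bot: The two back-to-back `KEY_FREESAV(&sav);` calls after `key_sa_chgstate(sav, SADB_SASTATE_DEAD)` read like an accidental double release. Presumably one drops the reference now taken by key_getsavbyspi and the other the reference the SAD held before the state change, but nothing on the page says so. Each call deserves its own comment, e.g. `/* drop the SAD's reference */` and `/* drop the reference from key_getsavbyspi */`, so a later cleanup does not remove one and unbalance the count. Whether KEY_FREESAV clears `sav` is not visible here, so `sav` should be treated as invalid after the second call. The same pair appears in the hunk at `-5711,6`.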
@@ -5334,6 +5342,9 @@
m_freem(m);
return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
}
+error:
+ KEY_FREESAV(&sav);
+ return key_senderror(so, m, error);
}
/*
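Review bot: The new `error:` label shares its name with the `error` variable, which makes `error = EINVAL; goto error;` in the earlier hunks hard to read. The code is legal C, but a distinct label such as `fail:` would be clearer. The label also runs `KEY_FREESAV(&sav)` unconditionally, so it is only correct when reached from points where `sav` already holds the lookup reference. A one-line comment on the label stating that precondition would keep a future early `goto` from releasing an SA that was never referenced. The function begins outside this hunk, so the earlier exit paths cannot be checked from here.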
@@ -5465,12 +5476,19 @@
return key_senderror(so, m, error);
}
- /* create new SA entry. */
+ {
+ struct secasvar *sav;
+
/* We can create new SA only if SPI is differenct. */
- if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
+ sav = key_getsavbyspi(newsah, sa0->sadb_sa_spi);
+ if (sav != NULL) {
+ KEY_FREESAV(&sav);
IPSECLOG(LOG_DEBUG, "SA already exists.\n");
return key_senderror(so, m, EEXIST);
}
+ }
+
+ /* create new SA entry. */
newsav = KEY_NEWSAV(m, mhp, &error);
if (newsav == NULL) {
return key_senderror(so, m, error);
@@ -5711,6 +5729,7 @@
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
KEY_FREESAV(&sav);
+ KEY_FREESAV(&sav);
{
struct mbuf *n;
@@ -5868,6 +5887,7 @@
/* map proto to satype */
satype = key_proto2satype(sah->saidx.proto);
if (satype == 0) {
+ KEY_FREESAV(&sav);
IPSECLOG(LOG_DEBUG, "there was invalid proto in SAD.\n");
return key_senderror(so, m, EINVAL);
}
@@ -5875,6 +5895,7 @@
/* create new sadb_msg to reply. */
n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
mhp->msg->sadb_msg_pid);
+ KEY_FREESAV(&sav);
if (!n)
return key_senderror(so, m, ENOBUFS);