Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/netipsec Sanity-check and return on error early



details:   https://anonhg.NetBSD.org/src/rev/47269f59c860
branches:  trunk
changeset: 353990:47269f59c860
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Wed May 31 04:01:21 2017 +0000

description:
Sanity-check and return on error early

And delay initializing local variables until they're actually used.

diffstat:

 sys/netipsec/key.c |  30 +++++++++++++-----------------
 1 files changed, 13 insertions(+), 17 deletions(-)

diffs (67 lines):

diff -r d04a51318c8d -r 47269f59c860 sys/netipsec/key.c
--- a/sys/netipsec/key.c        Wed May 31 02:17:49 2017 +0000
+++ b/sys/netipsec/key.c        Wed May 31 04:01:21 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.151 2017/05/31 01:31:07 ozaki-r Exp $        */
+/*     $NetBSD: key.c,v 1.152 2017/05/31 04:01:21 ozaki-r Exp $        */
 /*     $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $        */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.151 2017/05/31 01:31:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.152 2017/05/31 04:01:21 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -1884,12 +1884,8 @@
                lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
        }
 
-       src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
-       dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
        xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 
-       key_init_spidx_bymsghdr(&spidx, mhp);
-
        /* checking the direciton. */
        switch (xpl0->sadb_x_policy_dir) {
        case IPSEC_DIR_INBOUND:
@@ -1916,6 +1912,17 @@
                return key_senderror(so, m, EINVAL);
        }
 
+       src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
+       dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
+
+       /* sanity check on addr pair */
+       if (src->sa_family != dst->sa_family)
+               return key_senderror(so, m, EINVAL);
+       if (src->sa_len != dst->sa_len)
+               return key_senderror(so, m, EINVAL);
+
+       key_init_spidx_bymsghdr(&spidx, mhp);
+
        /*
         * checking there is SP already or not.
         * SPDUPDATE doesn't depend on whether there is a SP or not.
@@ -1951,17 +1958,6 @@
        }
 
        key_init_spidx_bymsghdr(&newsp->spidx, mhp);
-
-       /* sanity check on addr pair */
-       if (src->sa_family != dst->sa_family) {
-               kmem_free(newsp, sizeof(*newsp));
-               return key_senderror(so, m, EINVAL);
-       }
-       if (src->sa_len != dst->sa_len) {
-               kmem_free(newsp, sizeof(*newsp));
-               return key_senderror(so, m, EINVAL);
-       }
-
        newsp->created = time_uptime;
        newsp->lastused = newsp->created;
        newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;



Home | Main Index | Thread Index | Old Index