[src/trunk]: src/sys/netipsec Fix uninitialized variable: in ipsec_checkpcbca...
details: https://anonhg.NetBSD.org/src/rev/b3f6d413068e
branches: trunk
changeset: 1000138:b3f6d413068e
user: maxv <maxv%NetBSD.org@localhost>
date: Tue Jul 09 16:56:24 2019 +0000
description:
Fix uninitialized variable: in ipsec_checkpcbcache(), spidx.dir is not
initialized, and the padding of the spidx structure is not initialized
either. This causes the memcmp() to wrongfully fail.
Change ipsec_setspidx() to always initialize spidx.dir and zero out the
padding.
ok ozaki-r@
diffstat:
sys/netipsec/ipsec.c | 22 +++++++++++++---------
1 files changed, 13 insertions(+), 9 deletions(-)
diffs (86 lines):
diff -r 0d77b8d2dca1 -r b3f6d413068e sys/netipsec/ipsec.c
--- a/sys/netipsec/ipsec.c Tue Jul 09 16:25:05 2019 +0000
+++ b/sys/netipsec/ipsec.c Tue Jul 09 16:56:24 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.168 2019/01/27 02:08:48 pgoyette Exp $ */
+/* $NetBSD: ipsec.c,v 1.169 2019/07/09 16:56:24 maxv Exp $ */
/* $FreeBSD: ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.168 2019/01/27 02:08:48 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.169 2019/07/09 16:56:24 maxv Exp $");
/*
* IPsec controller part.
@@ -172,7 +172,7 @@
#endif
static int ipsec_setspidx_inpcb(struct mbuf *, void *);
-static int ipsec_setspidx(struct mbuf *, struct secpolicyindex *, int);
+static int ipsec_setspidx(struct mbuf *, struct secpolicyindex *, int, int);
static void ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *, int);
static int ipsec4_setspidx_ipaddr(struct mbuf *, struct secpolicyindex *);
#ifdef INET6
@@ -220,7 +220,7 @@
}
if ((pcbsp->sp_cacheflags & IPSEC_PCBSP_CONNECTED) == 0) {
/* NB: assume ipsec_setspidx never sleep */
- if (ipsec_setspidx(m, &spidx, 1) != 0) {
+ if (ipsec_setspidx(m, &spidx, dir, 1) != 0) {
sp = NULL;
goto out;
}
@@ -269,7 +269,7 @@
pcbsp->sp_cache[dir].cachesp = NULL;
pcbsp->sp_cache[dir].cachehint = IPSEC_PCBHINT_UNKNOWN;
- if (ipsec_setspidx(m, &pcbsp->sp_cache[dir].cacheidx, 1) != 0) {
+ if (ipsec_setspidx(m, &pcbsp->sp_cache[dir].cacheidx, dir, 1) != 0) {
return EINVAL;
}
pcbsp->sp_cache[dir].cachesp = sp;
@@ -537,7 +537,7 @@
sp = NULL;
/* Make an index to look for a policy. */
- *error = ipsec_setspidx(m, &spidx, (flag & IP_FORWARDING) ? 0 : 1);
+ *error = ipsec_setspidx(m, &spidx, dir, (flag & IP_FORWARDING) ? 0 : 1);
if (*error != 0) {
IPSECLOG(LOG_DEBUG, "setpidx failed, dir %u flag %u\n", dir, flag);
memset(&spidx, 0, sizeof(spidx));
@@ -791,9 +791,9 @@
KASSERT(inph->inph_sp->sp_out != NULL);
KASSERT(inph->inph_sp->sp_in != NULL);
- error = ipsec_setspidx(m, &inph->inph_sp->sp_in->spidx, 1);
+ error = ipsec_setspidx(m, &inph->inph_sp->sp_in->spidx,
+ IPSEC_DIR_INBOUND, 1);
if (error == 0) {
- inph->inph_sp->sp_in->spidx.dir = IPSEC_DIR_INBOUND;
inph->inph_sp->sp_out->spidx = inph->inph_sp->sp_in->spidx;
inph->inph_sp->sp_out->spidx.dir = IPSEC_DIR_OUTBOUND;
} else {
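Review bot: The struct assignment `inph->inph_sp->sp_out->spidx = inph->inph_sp->sp_in->spidx;` is not required by C to copy padding bytes, so the zeroed padding that ipsec_setspidx() now guarantees for sp_in may not carry over to sp_out. If sp_out->spidx is ever compared with memcmp() the way the commit description says the cached index is (not visible in this hunk), copy it with `memcpy(&inph->inph_sp->sp_out->spidx, &inph->inph_sp->sp_in->spidx, sizeof(inph->inph_sp->sp_out->spidx));` before setting `.dir`. The enclosing function starts and ends outside the hunk.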
@@ -811,7 +811,8 @@
* the caller is responsible for error recovery (like clearing up spidx).
*/
static int
-ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int needport)
+ipsec_setspidx(struct mbuf *m, struct secpolicyindex *spidx, int dir,
+ int needport)
{
struct ip *ip = NULL;
struct ip ipbuf;
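Review bot: The header comment above ipsec_setspidx(), whose last line is visible at the top of this hunk, still tells callers that clearing spidx is their job and says nothing about the new `dir` argument. It should state that the function now zeroes the whole index and stores `dir` in it before parsing the packet, and which values `dir` may take (the callers in this diff pass IPSEC_DIR_INBOUND or their own `dir`). A line such as `* spidx is zeroed (padding included) and spidx->dir is set from dir before the packet is parsed.` would cover it. The comment begins above the hunk and the function body continues below it.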
@@ -828,6 +829,9 @@
return EINVAL;
}
+ memset(spidx, 0, sizeof(*spidx));
+ spidx->dir = dir;
+
if (m->m_len >= sizeof(*ip)) {
ip = mtod(m, struct ip *);
} else {
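Review bot: The new `memset(spidx, 0, sizeof(*spidx));` sits after the `return EINVAL;` that closes the check above it, so on that early failure path the caller's spidx is still left untouched, which for a local means uninitialized stack memory. The callers visible in this diff appear to bail out or clear the index on error, but moving the two added lines above that check would make the initialization hold on every return path. If they stay where they are, a comment such as `/* Zero padding too: spidx is compared with memcmp(). */` would record why a full memset is needed rather than a field-by-field init. The check itself starts above the hunk and the function continues below it.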