authorthompsa <thompsa@FreeBSD.org>2007-12-26 08:41:58 +0000
committerthompsa <thompsa@FreeBSD.org>2007-12-26 08:41:58 +0000
commit19ae9a5e773935b7d124c45606ca64d72213a810 (patch)
treeffaf8845544e0ad6568ad2bab55b0fae743989db
parentfff68913a67ad5f2b7f9c64f14ea2d2fc0d7bdc8 (diff)
Fix a panic where if the mbuf was consumed by the filter for requeueing
(dummynet), ipsec_filter() would return the empty error code and the ipsec code would continue to forward/dereference the null mbuf. Found by: m0n0wall Reviewed by: bz MFC after: 3 days
-rw-r--r--sys/net/if_enc.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c
index 3ab9081..94d887f 100644
--- a/sys/net/if_enc.c
+++ b/sys/net/if_enc.c
@@ -293,6 +293,13 @@ ipsec_filter(struct mbuf **mp, int dir, int flags)
printf("%s: unknown IP version\n", __func__);
}
+ /*
+ * If the mbuf was consumed by the filter for requeueing (dummynet, etc)
+ * then error will be zero but we still want to return an error to our
+ * caller so the null mbuf isn't forwarded further.
+ */
+ if (*mp == NULL && error == 0)
+ return (-1); /* Consumed by the filter */
if (*mp == NULL)
return (error);
if (error != 0)
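Review bot: The bare `-1` returned by the new `if (*mp == NULL && error == 0)` branch is an undocumented sentinel, and on FreeBSD it has the same value as `ERESTART`, so a caller that propagates the return value as an errno could misread "consumed by the filter" as a restart request. The callers are not visible in this hunk, so this should be confirmed against them. I would state the contract in the function's header comment, for example `/* Returns non-zero with *mp == NULL when the filter consumed or freed the mbuf; the caller must not touch *mp afterwards. */`, and have callers treat any non-zero return as "stop, do not dereference". The two NULL checks could also be folded into one, `if (*mp == NULL) return (error != 0 ? error : -1);`, which keeps the consumed-mbuf case next to the freed-mbuf case. The body of ipsec_filter() starts and ends outside the hunk.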