diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 15:15:04 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 12:00:17 -0500 |
commit | bb466eea7f9d028b02a41894bcfa9463f5d8399b (patch) | |
tree | 280662045a5513fdb61c15079654b36f17a83bee /sys/netipsec/ipsec.h | |
parent | 850e148cc4be95b3f1ab4e6f978b4281357ead7d (diff) | |
download | FreeBSD-src-bb466eea7f9d028b02a41894bcfa9463f5d8399b.zip FreeBSD-src-bb466eea7f9d028b02a41894bcfa9463f5d8399b.tar.gz |
MFC r279234:
Fix possible memory leak and several races in the IPsec policy management
code.
Resurrect the state field in the struct secpolicy, it has
IPSEC_SPSTATE_ALIVE value when security policy linked in the chain,
and IPSEC_SPSTATE_DEAD value in all other cases. This field protects
from trying to unlink one security policy several times from the different
threads.
Take additional reference in the key_flush_spd() to be sure that policy
won't be freed from the different thread while we are sending SPDEXPIRE message.
Add KEY_FREESP() call to the key_unlink() to release additional reference
that we take when use key_getsp*() functions.
Differential Revision: https://reviews.freebsd.org/D1914
Tested by: Emeric POUPON <emeric.poupon at stormshield dot eu>
Reviewed by: hrs
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
Issue: #4841
Diffstat (limited to 'sys/netipsec/ipsec.h')
-rw-r--r-- | sys/netipsec/ipsec.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index 7704629..dddbf4c 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -89,6 +89,9 @@ struct secpolicy { /* if policy == IPSEC else this value == NULL.*/ u_int refcnt; /* reference count */ u_int policy; /* policy_type per pfkeyv2.h */ + u_int state; +#define IPSEC_SPSTATE_DEAD 0 +#define IPSEC_SPSTATE_ALIVE 1 u_int32_t id; /* It's unique number on the system. */ /* * lifetime handler. |