diff options
author | vanhu <vanhu@FreeBSD.org> | 2010-05-12 11:49:15 +0000 |
---|---|---|
committer | vanhu <vanhu@FreeBSD.org> | 2010-05-12 11:49:15 +0000 |
commit | 5bcdf64805f7eb94260d01a2635d9ca1aa8cceb7 (patch) | |
tree | b4bf1a7133cd4cc4a12a01cfee885a181f558e09 /sys/netipsec | |
parent | ff311c2c9afe9a565c19f3e16e22cbff786b27cd (diff) | |
download | FreeBSD-src-5bcdf64805f7eb94260d01a2635d9ca1aa8cceb7.zip FreeBSD-src-5bcdf64805f7eb94260d01a2635d9ca1aa8cceb7.tar.gz |
MFC:
Set/update SA's NAT-T stuff before calling key_mature() in
key_add() and key_update(), as the SA may be used as soon as
key_mature() has been called
Obtained from: NETASQ
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/key.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 3a0a2ab..b43acb8 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -5158,12 +5158,6 @@ key_update(so, m, mhp) return key_senderror(so, m, error); } - /* check SA values to be mature. */ - if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { - KEY_FREESAV(&sav); - return key_senderror(so, m, 0); - } - #ifdef IPSEC_NAT_T /* * Handle more NAT-T info if present, @@ -5190,6 +5184,12 @@ key_update(so, m, mhp) #endif #endif + /* check SA values to be mature. */ + if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { + KEY_FREESAV(&sav); + return key_senderror(so, m, 0); + } + { struct mbuf *n; @@ -5424,12 +5424,6 @@ key_add(so, m, mhp) return key_senderror(so, m, error); } - /* check SA values to be mature. */ - if ((error = key_mature(newsav)) != 0) { - KEY_FREESAV(&newsav); - return key_senderror(so, m, error); - } - #ifdef IPSEC_NAT_T /* * Handle more NAT-T info if present, @@ -5449,6 +5443,12 @@ key_add(so, m, mhp) #endif #endif + /* check SA values to be mature. */ + if ((error = key_mature(newsav)) != 0) { + KEY_FREESAV(&newsav); + return key_senderror(so, m, error); + } + /* * don't call key_freesav() here, as we would like to keep the SA * in the database on success. |