In ipsec6_output_tunnel() make sure that the SA contents do not change.

The same would apply to ipsec6_output_trans() but there is a larger patch
around which already corrected that case. Do not interfere with that one.

1 files changed, 8 insertions, 1 deletions

diff --git a/sys/netipsec/ipsec_output.c b/sys/netipsec/ipsec_output.c
index b3f978d..4f9b8c59 100644
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@@ -697,6 +697,9 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 		if (isr->saidx.mode == IPSEC_MODE_TUNNEL)
 			break;
 	}
+
+	IPSECREQUEST_LOCK(isr);		/* insure SA contents don't change */
+
 	isr = ipsec_nextisr(m, isr, AF_INET6, &saidx, &error);
 	if (isr == NULL)
 		goto bad;
@@ -769,10 +772,14 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp, int
 		goto bad;
 	}
 	ip6 = mtod(m, struct ip6_hdr *);
-	return (*isr->sav->tdb_xform->xf_output)(m, isr, NULL,
+	error = (*isr->sav->tdb_xform->xf_output)(m, isr, NULL,
 		sizeof (struct ip6_hdr),
 		offsetof(struct ip6_hdr, ip6_nxt));
+	IPSECREQUEST_UNLOCK(isr);
+	return error;
 bad:
+	if (isr)
+		IPSECREQUEST_UNLOCK(isr);
 	if (m)
 		m_freem(m);
 	state->m = NULL;