diff options
author | ae <ae@FreeBSD.org> | 2017-05-03 09:25:26 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2017-05-03 09:25:26 +0000 |
commit | 90f1795e78e3f13d5a49412f5dd7a349f1423fd9 (patch) | |
tree | a873d2410726041790039af694ff9ed72997696c /sys/netipsec | |
parent | 81d573b54197a04eba095385616230a9712c77c2 (diff) | |
download | FreeBSD-src-90f1795e78e3f13d5a49412f5dd7a349f1423fd9.zip FreeBSD-src-90f1795e78e3f13d5a49412f5dd7a349f1423fd9.tar.gz |
MFC r317431:
Fix SP refcount leak.
PCB SP cache acquires extra reference, when SP is stored in the cache.
Release this reference when PCB is destroyed in ipsec_delete_pcbpolicy().
In ipsec_copy_pcbpolicy() release reference to SP in case if sp_in or
sp_out are not NULL.
Reported by: Slawa Olhovchenkov <slw at zxy spb ru>
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/ipsec_pcb.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/netipsec/ipsec_pcb.c b/sys/netipsec/ipsec_pcb.c index b6ed5f3..616cbb1 100644 --- a/sys/netipsec/ipsec_pcb.c +++ b/sys/netipsec/ipsec_pcb.c @@ -172,10 +172,10 @@ ipsec_delete_pcbpolicy(struct inpcb *inp) if (inp->inp_sp == NULL) return (0); - if (inp->inp_sp->flags & INP_INBOUND_POLICY) + if (inp->inp_sp->sp_in != NULL) key_freesp(&inp->inp_sp->sp_in); - if (inp->inp_sp->flags & INP_OUTBOUND_POLICY) + if (inp->inp_sp->sp_out != NULL) key_freesp(&inp->inp_sp->sp_out); free(inp->inp_sp, M_IPSEC_INPCB); @@ -250,6 +250,8 @@ ipsec_copy_pcbpolicy(struct inpcb *old, struct inpcb *new) if (sp == NULL) return (ENOBUFS); ipsec_setspidx_inpcb(new, &sp->spidx, IPSEC_DIR_INBOUND); + if (new->inp_sp->sp_in != NULL) + key_freesp(&new->inp_sp->sp_in); new->inp_sp->sp_in = sp; new->inp_sp->flags |= INP_INBOUND_POLICY; } @@ -258,6 +260,8 @@ ipsec_copy_pcbpolicy(struct inpcb *old, struct inpcb *new) if (sp == NULL) return (ENOBUFS); ipsec_setspidx_inpcb(new, &sp->spidx, IPSEC_DIR_OUTBOUND); + if (new->inp_sp->sp_out != NULL) + key_freesp(&new->inp_sp->sp_out); new->inp_sp->sp_out = sp; new->inp_sp->flags |= INP_OUTBOUND_POLICY; } |