author | thompsa <thompsa@FreeBSD.org> | 2007-12-26 08:41:58 +0000 |
---|---|---|
committer | thompsa <thompsa@FreeBSD.org> | 2007-12-26 08:41:58 +0000 |
commit | 19ae9a5e773935b7d124c45606ca64d72213a810 (patch) | |
tree | ffaf8845544e0ad6568ad2bab55b0fae743989db /sys | |
parent | fff68913a67ad5f2b7f9c64f14ea2d2fc0d7bdc8 (diff) | |
Fix a panic where if the mbuf was consumed by the filter for requeueing
(dummynet), ipsec_filter() would return the empty error code and the ipsec code
would continue to forward/dereference the null mbuf.
Found by: m0n0wall
Reviewed by: bz
MFC after: 3 days
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/if_enc.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/net/if_enc.c b/sys/net/if_enc.c index 3ab9081..94d887f 100644 --- a/sys/net/if_enc.c +++ b/sys/net/if_enc.c @@ -293,6 +293,13 @@ ipsec_filter(struct mbuf **mp, int dir, int flags) printf("%s: unknown IP version\n", __func__); } + /* + * If the mbuf was consumed by the filter for requeueing (dummynet, etc) + * then error will be zero but we still want to return an error to our + * caller so the null mbuf isn't forwarded further. + */ + if (*mp == NULL && error == 0) + return (-1); /* Consumed by the filter */ if (*mp == NULL) return (error); if (error != 0) |
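Review bot: the new `return (-1)` in the `*mp == NULL && error == 0` branch is a bare magic value, while the returns that follow it pass `error` through, so the caller receives something that is not an errno and has no name. Consider a named constant, or a sentence in the comment above ipsec_filter() stating that a nonzero return with `*mp == NULL` means the filter consumed the mbuf and the caller must not forward it. The added test and the existing `if (*mp == NULL) return (error);` right after it could also be folded into a single NULL check, which would make it obvious that a NULL `*mp` never returns 0.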