From 6ea140035b15c1c3554f6526405c31ec69408c97 Mon Sep 17 00:00:00 2001
From: ume <ume@FreeBSD.org>
Date: Sun, 14 Jan 2001 17:25:08 +0000
Subject: fixed possibility of panic at key_acquire(). key_acquire() does not
 require a secpolicy structure.

Obtained from:	KAME
---
 sys/netkey/key.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

(limited to 'sys/netkey')

diff --git a/sys/netkey/key.c b/sys/netkey/key.c
index 8e9e356..497695a 100644
--- a/sys/netkey/key.c
+++ b/sys/netkey/key.c
@@ -5513,19 +5513,16 @@ key_acquire(saidx, sp)
 #ifndef IPSEC_NONBLOCK_ACQUIRE
 	struct secacq *newacq;
 #endif
-	struct secpolicyindex *spidx = NULL;
 	u_int8_t satype;
 	int error = -1;
 	u_int32_t seq;
 
 	/* sanity check */
-	if (saidx == NULL || sp == NULL)
+	if (saidx == NULL)
 		panic("key_acquire: NULL pointer is passed.\n");
 	if ((satype = key_proto2satype(saidx->proto)) == 0)
 		panic("key_acquire: invalid proto is passed.\n");
 
-	spidx = &sp->spidx;
-
 #ifndef IPSEC_NONBLOCK_ACQUIRE
 	/*
 	 * We never do anything about acquirng SA.  There is anather
@@ -5588,12 +5585,14 @@ key_acquire(saidx, sp)
 	/* XXX proxy address (optional) */
 
 	/* set sadb_x_policy */
-	m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
-	if (!m) {
-		error = ENOBUFS;
-		goto fail;
+	if (sp) {
+		m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
+		if (!m) {
+			error = ENOBUFS;
+			goto fail;
+		}
+		m_cat(result, m);
 	}
-	m_cat(result, m);
 
 	/* XXX identity (optional) */
 #if 0
-- 
cgit v1.1