git: e469b16d0b91 - main - ipsec: fix edge case detection in key_getnewspid

From: Mateusz Guzik <mjg_at_FreeBSD.org>
Date: Sun, 14 Nov 2021 20:17:46 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=e469b16d0b91c0c37427a19d574c112c9eaba6e5

commit e469b16d0b91c0c37427a19d574c112c9eaba6e5
Author:     Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2021-11-03 18:50:41 +0000
Commit:     Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2021-11-14 20:17:34 +0000

    ipsec: fix edge case detection in key_getnewspid
    
    Same comparison problem as in key_do_getnewspi.
    
    Reviewed by:    ae
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D32827
---
 sys/netipsec/key.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 9a810fa49931..e2e1d76911ec 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2147,10 +2147,12 @@ key_getnewspid(void)
 {
 	struct secpolicy *sp;
 	uint32_t newid = 0;
-	int count = V_key_spi_trycnt;	/* XXX */
+	int tries, limit;
 
 	SPTREE_WLOCK_ASSERT();
-	while (count--) {
+
+	limit = atomic_load_int(&V_key_spi_trycnt);
+	for (tries = 0; tries < limit; tries++) {
 		if (V_policy_id == ~0) /* overflowed */
 			newid = V_policy_id = 1;
 		else
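Review bot: `int tries, limit;` stores the result of `atomic_load_int(&V_key_spi_trycnt)` in a signed int, so if the tunable is declared unsigned (its declaration is outside this hunk) a configured value above INT_MAX would convert to a negative `limit`. In that case `tries < limit` is false on entry, the loop never runs, and every policy-id allocation fails through the `newid == 0` branch. Declaring the counters in the type of the load, `u_int tries, limit;`, avoids the conversion. The rest of the loop body and the end of key_getnewspid lie outside this hunk.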
@@ -2162,7 +2164,7 @@ key_getnewspid(void)
 		if (sp == NULL)
 			break;
 	}
-	if (count == 0 || newid == 0) {
+	if (tries == limit || newid == 0) {
 		ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n",
 		    __func__));
 		return (0);
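Review bot: The exit test `tries == limit || newid == 0` carries no comment saying which case each half covers, and misreading the post-loop counter state is the bug this commit fixes. I would add above it `/* tries == limit: every candidate id was already in use; newid == 0: limit was not positive and the loop never ran */`. The failure is reported only through `ipseclog` at `LOG_DEBUG`, so exhaustion of policy ids may go unnoticed in normal operation. Whether callers surface the 0 return is not visible here, as the function continues past the end of this hunk.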