svn commit: r309247 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Mon Nov 28 11:14:39 UTC 2016
Author: ae
Date: Mon Nov 28 11:14:38 2016
New Revision: 309247
URL: https://svnweb.freebsd.org/changeset/base/309247
Log:
Do not report success, when policy was not deleted in SADB_SPDDELETE2.
Modified:
projects/ipsec/sys/netipsec/key.c
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Mon Nov 28 08:13:20 2016 (r309246)
+++ projects/ipsec/sys/netipsec/key.c Mon Nov 28 11:14:38 2016 (r309247)
@@ -2026,6 +2026,12 @@ key_spddelete2(struct socket *so, struct
printf("%s: SP(%p)\n", __func__, sp));
KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
key_unlink(sp);
+ if (sp->state != IPSEC_SPSTATE_DEAD) {
+ ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n",
+ __func__, id));
+ key_freesp(&sp);
+ return (key_senderror(so, m, EACCES));
+ }
key_freesp(&sp);
{
More information about the svn-src-projects
mailing list