PERFORCE change 15328 for review
Robert Watson
rwatson at freebsd.org
Wed Jul 31 17:28:17 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15328
Change 15328 by rwatson at rwatson_tislabs on 2002/07/31 10:28:15
Change the logic for IPsec and MAC policy composition a little
so that it looks a bit more like the existing logic. Fix
a bug wherein n might be freed but not nulled (possibly not
possible).
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#15 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#15 (text+ko) ====
@@ -145,10 +145,9 @@
continue;
if (last) {
struct mbuf *n = m_copy(m, 0, (int)M_COPYALL);
- int policyfail;
+ int policyfail = 0;
if (n != NULL) {
- policyfail = 0;
#ifdef IPSSEC
/* check AH/ESP integrity. */
if (ipsec4_in_reject_so(n, last->inp_socket)) {
@@ -163,10 +162,10 @@
n) != 0)
policyfail = 1;
#endif
- if (policyfail)
- m_freem(n);
}
- if (n) {
+ if (policyfail)
+ m_freem(n);
+ else if (n) {
if (last->inp_flags & INP_CONTROLOPTS ||
last->inp_socket->so_options & SO_TIMESTAMP)
ip_savecontrol(last, &opts, ip, n);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list