svn commit: r323216 - stable/11/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Wed Sep 6 10:21:30 UTC 2017
Author: ae
Date: Wed Sep 6 10:21:28 2017
New Revision: 323216
URL: https://svnweb.freebsd.org/changeset/base/323216
Log:
MFC r323086:
Fix possible double releasing for SA reference.
This is missing part of r318734. When crypto subsystem returns error
the xform code handles an error independently.
PR: 221849
Modified:
stable/11/sys/netipsec/udpencap.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netipsec/udpencap.c
==============================================================================
--- stable/11/sys/netipsec/udpencap.c Wed Sep 6 09:19:54 2017 (r323215)
+++ stable/11/sys/netipsec/udpencap.c Wed Sep 6 10:21:28 2017 (r323216)
@@ -120,7 +120,7 @@ udp_ipsec_input(struct mbuf *m, int off, int af)
struct udphdr *udp;
struct ip *ip;
uint32_t spi;
- int error, hlen;
+ int hlen;
/*
* Just return if packet doesn't have enough data.
@@ -205,10 +205,7 @@ udp_ipsec_input(struct mbuf *m, int off, int af)
* will do this anyway, so don't touch them here.
*/
ESPSTAT_INC(esps_input);
- error = (*sav->tdb_xform->xf_input)(m, sav, hlen, off);
- if (error != 0)
- key_freesav(&sav);
-
+ (*sav->tdb_xform->xf_input)(m, sav, hlen, off);
return (EINPROGRESS); /* Consumed by IPsec. */
}
More information about the svn-src-all
mailing list