svn commit: r220194 - head/sys/netipsec
Fabien Thomas
fabient at FreeBSD.org
Thu Mar 31 13:14:24 UTC 2011
Author: fabient
Date: Thu Mar 31 13:14:24 2011
New Revision: 220194
URL: http://svn.freebsd.org/changeset/base/220194
Log:
Fix two SA refcount:
- AH does not release the SA like in ESP/IPCOMP when handling EAGAIN
- ipsec_process_done incorrectly release the SA.
Reviewed by: vanhu
MFC after: 1 week
Modified:
head/sys/netipsec/ipsec_output.c
head/sys/netipsec/xform_ah.c
Modified: head/sys/netipsec/ipsec_output.c
==============================================================================
--- head/sys/netipsec/ipsec_output.c Thu Mar 31 13:06:51 2011 (r220193)
+++ head/sys/netipsec/ipsec_output.c Thu Mar 31 13:14:24 2011 (r220194)
@@ -247,7 +247,6 @@ ipsec_process_done(struct mbuf *m, struc
panic("ipsec_process_done");
bad:
m_freem(m);
- KEY_FREESAV(&sav);
return (error);
}
Modified: head/sys/netipsec/xform_ah.c
==============================================================================
--- head/sys/netipsec/xform_ah.c Thu Mar 31 13:06:51 2011 (r220193)
+++ head/sys/netipsec/xform_ah.c Thu Mar 31 13:14:24 2011 (r220194)
@@ -785,6 +785,7 @@ ah_input_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
+ KEY_FREESAV(&sav);
error = crypto_dispatch(crp);
return error;
}
More information about the svn-src-head
mailing list