svn commit: r323086 - head/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Fri Sep 1 11:51:09 UTC 2017
Author: ae
Date: Fri Sep 1 11:51:07 2017
New Revision: 323086
URL: https://svnweb.freebsd.org/changeset/base/323086
Log:
Fix possible double releasing for SA reference.
This is missing part of r318734. When crypto subsystem returns error
the xform code handles an error independently.
PR: 221849
MFC after: 5 days
Modified:
head/sys/netipsec/udpencap.c
Modified: head/sys/netipsec/udpencap.c
==============================================================================
--- head/sys/netipsec/udpencap.c Fri Sep 1 11:14:30 2017 (r323085)
+++ head/sys/netipsec/udpencap.c Fri Sep 1 11:51:07 2017 (r323086)
@@ -120,7 +120,7 @@ udp_ipsec_input(struct mbuf *m, int off, int af)
struct udphdr *udp;
struct ip *ip;
uint32_t spi;
- int error, hlen;
+ int hlen;
/*
* Just return if packet doesn't have enough data.
@@ -205,10 +205,7 @@ udp_ipsec_input(struct mbuf *m, int off, int af)
* will do this anyway, so don't touch them here.
*/
ESPSTAT_INC(esps_input);
- error = (*sav->tdb_xform->xf_input)(m, sav, hlen, off);
- if (error != 0)
- key_freesav(&sav);
-
+ (*sav->tdb_xform->xf_input)(m, sav, hlen, off);
return (EINPROGRESS); /* Consumed by IPsec. */
}
More information about the svn-src-all
mailing list