From owner-freebsd-net@FreeBSD.ORG Thu Feb 14 23:58:57 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8238F16A41B for ; Thu, 14 Feb 2008 23:58:57 +0000 (UTC) (envelope-from mgrooms@shrew.net) Received: from shrew.net (206-223-169-85.beanfield.net [206.223.169.85]) by mx1.freebsd.org (Postfix) with ESMTP id 6A41A13C43E for ; Thu, 14 Feb 2008 23:58:57 +0000 (UTC) (envelope-from mgrooms@shrew.net) Received: from localhost (wm-ca.hub.org [206.223.169.82]) by shrew.net (Postfix) with ESMTP id B164D79E510 for ; Thu, 14 Feb 2008 17:34:26 -0600 (CST) Received: from shrew.net ([206.223.169.85]) by localhost (mx1.hub.org [206.223.169.82]) (amavisd-new, port 10024) with ESMTP id 69428-09 for ; Thu, 14 Feb 2008 23:34:26 +0000 (UTC) Received: from hole.shrew.net (cpe-66-25-136-5.austin.res.rr.com [66.25.136.5]) by shrew.net (Postfix) with ESMTP id DFC7079E343 for ; Thu, 14 Feb 2008 17:34:25 -0600 (CST) Received: from [10.22.200.30] ([10.22.200.30]) by hole.shrew.net (8.13.8/8.13.8) with ESMTP id m1ENYEJS009834 for ; Thu, 14 Feb 2008 17:34:14 -0600 (CST) (envelope-from mgrooms@shrew.net) Message-ID: <47B4D002.5090101@shrew.net> Date: Thu, 14 Feb 2008 17:34:26 -0600 From: Matthew Grooms User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: multipart/mixed; boundary="------------050209060208070009030704" Subject: KAME IPsec spd_delete2 bug ... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Feb 2008 23:58:57 -0000 This is a multi-part message in MIME format. --------------050209060208070009030704 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit All, There is a bug in /usr/src/sys/netipsec/key.c in FreeBSD KAME IPsec sources. If an spd_delete2 message is submitted for an invalid policy id, the kernel crashes. Can someone please commit this trivial patch? I'm afraid its against 6.2 sources but its also only one line. Thanks, -Matthew --------------050209060208070009030704 Content-Type: text/plain; name="spddelete.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="spddelete.diff" --- key.c Fri Feb 15 02:18:16 2008 +++ key.c.fixed Fri Feb 15 02:18:35 2008 @@ -2125,7 +2125,7 @@ /* Is there SP in SPD ? */ if ((sp = key_getspbyid(id)) == NULL) { ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); - key_senderror(so, m, EINVAL); + return key_senderror(so, m, EINVAL); } sp->state = IPSEC_SPSTATE_DEAD; --------------050209060208070009030704--