Date: Wed, 1 Feb 2017 19:36:33 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r313046 - projects/ipsec/sys/netipsec Message-ID: <201702011936.v11JaXrK044604@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Wed Feb 1 19:36:33 2017 New Revision: 313046 URL: https://svnweb.freebsd.org/changeset/base/313046 Log: Fix out of bounds of the requests array due to wrong check. Modified: projects/ipsec/sys/netipsec/ipsec_output.c Modified: projects/ipsec/sys/netipsec/ipsec_output.c ============================================================================== --- projects/ipsec/sys/netipsec/ipsec_output.c Wed Feb 1 19:33:00 2017 (r313045) +++ projects/ipsec/sys/netipsec/ipsec_output.c Wed Feb 1 19:36:33 2017 (r313046) @@ -167,10 +167,8 @@ next: * IPsec processing, i.e. return EJUSTRETURN. * But first check if there is some bundled transform. */ - if (sp->tcount > (*pidx)) { - (*pidx)++; + if (sp->tcount > ++(*pidx)) goto next; - } *error = EJUSTRETURN; } return (NULL); @@ -487,10 +485,8 @@ next: * IPsec processing, i.e. return EJUSTRETURN. * But first check if there is some bundled transform. */ - if (sp->tcount > (*pidx)) { - (*pidx)++; + if (sp->tcount > ++(*pidx)) goto next; - } *error = EJUSTRETURN; } return (NULL);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702011936.v11JaXrK044604>