Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Feb 2016 19:35:20 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 207312] Useless check in netipsec/key.c
Message-ID:  <bug-207312-8@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207312

            Bug ID: 207312
           Summary: Useless check in netipsec/key.c
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: mi@FreeBSD.org
                CC: ae@FreeBSD.org, sam@FreeBSD.org

Created attachment 167155
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=167155&action=edit
Remove a silly check, const-poison key-handling

The article at

  http://www.viva64.com/en/b/0377/

listed a problem with the KAME-derived code: the key_parse() function is
comparing m->m_pkthdr.len with itself. We have this line since 2002, when sam
committed what was than known as FAST_IPSEC option in base r105197.

The original KAME sources (https://github.com/kame/kame/) and NetBSD have this
issue, but I could not find this code in OpenBSD cvs-repo online.

The minimal fix is to simply remove the useless check -- something the compiler
must've been doing automatically ever since:

@@ -7245,9 +7245,8 @@ key_parse(struct mbuf *m, struct socket
        orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
        target = KEY_SENDUP_ONE;

-       if ((m->m_flags & M_PKTHDR) == 0 ||
-           m->m_pkthdr.len != m->m_pkthdr.len) {
-               ipseclog((LOG_DEBUG, "%s: invalid message
length.\n",__func__));
+       if ((m->m_flags & M_PKTHDR) == 0) {
+               ipseclog((LOG_DEBUG, "%s: invalid message length.\n",
__func__));
                PFKEYSTAT_INC(out_invlen);
                error = EINVAL;
                goto senderror;

However, the attached patch goes further and adds "const-poisoning" to
functions in netipsec/key.c and netipsec/keysock.c . Please, review.

-- 
You are receiving this mail because:
You are the assignee for the bug.
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-207312-8>