Date: Sun, 16 Sep 2007 09:46:49 GMT
From: Arnaud Degroote <degroote@NetBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/116392: Interrupt level not restored correctly in ip_ipsec_input
Message-ID: <200709160946.l8G9knAL010880@www.freebsd.org>
Resent-Message-ID: <200709160950.l8G9o1Xd053994@freefall.freebsd.org>

>Number: 116392
>Category: kern
>Synopsis: Interrupt level not restored correctly in ip_ipsec_input
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 16 09:50:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Arnaud Degroote
>Release: HEAD
>Organization:
>Environment:
No freebsd box. Code inspection
>Description:
In ip_ipsec_input and ip6_ipsec_input, in the case where sp == NULL, we go out of the function with a return 1 without restoring the right interrupt level.
>How-To-Repeat:
N/A
>Fix:
For ip6_ipsec.c you can use that. The same patch is necessary on ip_ipsec.c

--- ip6_ipsec.orig.c 2007-09-16 11:42:15.000000000 +0200 +++ ip6_ipsec.c 2007-09-16 11:42:35.000000000 +0200 @@ -181,7 +181,6 @@ /* XXX error stat??? */ error = EINVAL; DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ - return 1; } splx(s); if (error)

>Release-Note:
>Audit-Trail:
>Unformatted:
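
Review bot: with the "return 1;" after the DPRINTF removed, the no-SP case now depends on the "if (error)" test that follows splx(s) to discard the packet, and the body of that test is outside the hunk's context. Please confirm that, with error = EINVAL, it returns the same value the deleted line did, so the only behavioural change is that splx(s) now runs on this path. The submission also states that ip_ipsec.c needs the same change but carries only the ip6_ipsec.c hunk; adding the second hunk would let both input paths be fixed and reviewed together.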