Date:      Fri, 3 Dec 2021 23:34:19 GMT
From:      Robert Wing <rew@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: fc21aafe5ff2 - main - ipsec: fix a panic with INVARIANTS
Message-ID:  <202112032334.1B3NYJRC078653@gitrepo.freebsd.org>

The branch main has been updated by rew:

URL: https://cgit.FreeBSD.org/src/commit/?id=fc21aafe5ff2e02124ad004ee1c7e28b1ea5486a

commit fc21aafe5ff2e02124ad004ee1c7e28b1ea5486a
Author:     Robert Wing <rew@FreeBSD.org>
AuthorDate: 2021-12-03 23:22:23 +0000
Commit:     Robert Wing <rew@FreeBSD.org>
CommitDate: 2021-12-03 23:22:23 +0000

    ipsec: fix a panic with INVARIANTS
    
    When adding an SPD entry that already exists, a refcount wraparound
    panic is encountered. This was caused from dropping a reference on the
    wrong security policy.
    
    Fixes:          4920e38fecc3 ("ipsec: fix race condition in key.c")
    Reviewed by:    wma
    Sponsored by:   Klara Inc.
    Differential Revision:  https://reviews.freebsd.org/D33100
---
 sys/netipsec/key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index cd2f8a4ccafa..4eb4c7c76464 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2039,7 +2039,7 @@ key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 				__func__, oldsp));
 			KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp));
 		} else {
-			key_freesp(&newsp);
+			key_freesp(&oldsp);
 			ipseclog((LOG_DEBUG,
 			    "%s: a SP entry exists already.\n", __func__));
 			return (key_senderror(so, m, EEXIST));
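
Review bot: in the else branch that returns EEXIST, the reference dropped is now oldsp, but the visible lines do not show what state newsp is in at this point. If newsp has already been allocated before this check, returning here without releasing it would leak the policy; if it has not, a short comment saying that only oldsp holds a reference on this path would keep the two from being mixed up again. A regression test that adds the same SPD entry twice on an INVARIANTS kernel and expects EEXIST would cover this path.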


