svn commit: r214882 - in stable/8/sys: netinet netinet6 netipsec

Sat, 06 Nov 2010 07:46:39 -0700 

Author: bz
Date: Sat Nov  6 14:46:24 2010
New Revision: 214882
URL: http://svn.freebsd.org/changeset/base/214882

Log:
  MFC r214250:
  
    Make the IPsec SADB embedded route cache a union to be able to hold both the
    legacy and IPv6 route destination address.
    Previously in case of IPv6, there was a memory overwrite due to not enough
    space for the IPv6 address.
  
  PR:           kern/122565

Modified:
  stable/8/sys/netinet/ip_ipsec.c
  stable/8/sys/netinet6/ip6_ipsec.c
  stable/8/sys/netipsec/ipsec_output.c
  stable/8/sys/netipsec/key.c
  stable/8/sys/netipsec/keydb.h
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)

Modified: stable/8/sys/netinet/ip_ipsec.c
==============================================================================
--- stable/8/sys/netinet/ip_ipsec.c     Sat Nov  6 14:38:57 2010        
(r214881)
+++ stable/8/sys/netinet/ip_ipsec.c     Sat Nov  6 14:46:24 2010        
(r214882)
@@ -239,7 +239,7 @@ ip_ipsec_mtu(struct mbuf *m, int mtu)
                if (sp->req != NULL &&
                    sp->req->sav != NULL &&
                    sp->req->sav->sah != NULL) {
-                       ro = &sp->req->sav->sah->sa_route;
+                       ro = &sp->req->sav->sah->route_cache.sa_route;
                        if (ro->ro_rt && ro->ro_rt->rt_ifp) {
                                mtu =
                                    ro->ro_rt->rt_rmx.rmx_mtu ?

Modified: stable/8/sys/netinet6/ip6_ipsec.c
==============================================================================
--- stable/8/sys/netinet6/ip6_ipsec.c   Sat Nov  6 14:38:57 2010        
(r214881)
+++ stable/8/sys/netinet6/ip6_ipsec.c   Sat Nov  6 14:46:24 2010        
(r214882)
@@ -366,7 +366,7 @@ ip6_ipsec_mtu(struct mbuf *m)
                if (sp->req != NULL &&
                    sp->req->sav != NULL &&
                    sp->req->sav->sah != NULL) {
-                       ro = &sp->req->sav->sah->sa_route;
+                       ro = &sp->req->sav->sah->route_cache.sa_route;
                        if (ro->ro_rt && ro->ro_rt->rt_ifp) {
                                mtu =
                                    ro->ro_rt->rt_rmx.rmx_mtu ?

Modified: stable/8/sys/netipsec/ipsec_output.c
==============================================================================
--- stable/8/sys/netipsec/ipsec_output.c        Sat Nov  6 14:38:57 2010        
(r214881)
+++ stable/8/sys/netipsec/ipsec_output.c        Sat Nov  6 14:46:24 2010        
(r214882)
@@ -829,7 +829,8 @@ ipsec6_output_tunnel(struct ipsec_output
                }
                ip6 = mtod(m, struct ip6_hdr *);
 
-               state->ro = &isr->sav->sah->sa_route;
+               state->ro =
+                   (struct route *)&isr->sav->sah->route_cache.sin6_route;
                state->dst = (struct sockaddr *)&state->ro->ro_dst;
                dst6 = (struct sockaddr_in6 *)state->dst;
                if (state->ro->ro_rt

Modified: stable/8/sys/netipsec/key.c
==============================================================================
--- stable/8/sys/netipsec/key.c Sat Nov  6 14:38:57 2010        (r214881)
+++ stable/8/sys/netipsec/key.c Sat Nov  6 14:46:24 2010        (r214882)
@@ -2767,9 +2767,9 @@ key_delsah(sah)
                /* remove from tree of SA index */
                if (__LIST_CHAINED(sah))
                        LIST_REMOVE(sah, chain);
-               if (sah->sa_route.ro_rt) {
-                       RTFREE(sah->sa_route.ro_rt);
-                       sah->sa_route.ro_rt = (struct rtentry *)NULL;
+               if (sah->route_cache.sa_route.ro_rt) {
+                       RTFREE(sah->route_cache.sa_route.ro_rt);
+                       sah->route_cache.sa_route.ro_rt = (struct rtentry 
*)NULL;
                }
                free(sah, M_IPSEC_SAH);
        }
@@ -7933,7 +7933,7 @@ key_sa_routechange(dst)
 
        SAHTREE_LOCK();
        LIST_FOREACH(sah, &V_sahtree, chain) {
-               ro = &sah->sa_route;
+               ro = &sah->route_cache.sa_route;
                if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
                 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
                        RTFREE(ro->ro_rt);

Modified: stable/8/sys/netipsec/keydb.h
==============================================================================
--- stable/8/sys/netipsec/keydb.h       Sat Nov  6 14:38:57 2010        
(r214881)
+++ stable/8/sys/netipsec/keydb.h       Sat Nov  6 14:46:24 2010        
(r214882)
@@ -85,6 +85,12 @@ struct seclifetime {
        u_int64_t usetime;
 };
 
+union sa_route_union {
+       struct route            sa_route;
+       struct route            sin_route;      /* Duplicate for consistency. */
+       struct route_in6        sin6_route;
+};
+
 /* Security Association Data Base */
 struct secashead {
        LIST_ENTRY(secashead) chain;
@@ -100,7 +106,7 @@ struct secashead {
                                        /* SA chain */
                                        /* The first of this list is newer SA */
 
-       struct route sa_route;          /* route cache */
+       union sa_route_union route_cache;
 };
 
 struct xformsw;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to