diff options
author | Andrey V. Elsukov <ae@FreeBSD.org> | 2015-04-18 16:58:33 +0000 |
---|---|---|
committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2015-04-18 16:58:33 +0000 |
commit | 962ac6c727a61ecd0438e8f365ead72a67f6a450 (patch) | |
tree | a9e1608200cc8668013854e1f3cceddd49bd64e6 /sys/netipsec/xform_ipcomp.c | |
parent | 1d3b268c044553db9800d93cb858691fc79bc8ba (diff) | |
download | src-962ac6c727a61ecd0438e8f365ead72a67f6a450.tar.gz src-962ac6c727a61ecd0438e8f365ead72a67f6a450.zip |
Change ipsec_address() and ipsec_logsastr() functions to take two
additional arguments - buffer and size of this buffer.
ipsec_address() is used to convert sockaddr structure to presentation
format. The IPv6 part of this function returns pointer to the on-stack
buffer and at the moment when it will be used by caller, it becames
invalid. IPv4 version uses 4 static buffers and returns pointer to
new buffer each time when it called. But anyway it is still possible
to get corrupted data when several threads will use this function.
ipsec_logsastr() is used to format string about SA entry. It also
uses static buffer and has the same problem with concurrent threads.
To fix these problems add the buffer pointer and size of this
buffer to arguments. Now each caller will pass buffer and its size
to these functions. Also convert all places where these functions
are used (except disabled code).
And now ipsec_address() uses inet_ntop() function from libkern.
PR: 185996
Differential Revision: https://reviews.freebsd.org/D2321
Reviewed by: gnn
Sponsored by: Yandex LLC
Notes
Notes:
svn path=/head/; revision=281695
Diffstat (limited to 'sys/netipsec/xform_ipcomp.c')
-rw-r--r-- | sys/netipsec/xform_ipcomp.c | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index e7035cb63c06..5f3afd93832a 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -224,6 +224,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) static int ipcomp_input_cb(struct cryptop *crp) { + char buf[INET6_ADDRSTRLEN]; struct cryptodesc *crd; struct tdb_crypto *tc; int skip, protoff; @@ -298,8 +299,8 @@ ipcomp_input_cb(struct cryptop *crp) if (error) { IPCOMPSTAT_INC(ipcomps_hdrops); DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), + (u_long) ntohl(sav->spi))); goto bad; } @@ -340,14 +341,10 @@ bad: * IPComp output routine, called by ipsec[46]_process_packet() */ static int -ipcomp_output( - struct mbuf *m, - struct ipsecrequest *isr, - struct mbuf **mp, - int skip, - int protoff -) +ipcomp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp, + int skip, int protoff) { + char buf[INET6_ADDRSTRLEN]; struct secasvar *sav; struct comp_algo *ipcompx; int error, ralen, maxpacketsize; @@ -391,7 +388,7 @@ ipcomp_output( DPRINTF(("%s: unknown/unsupported protocol family %d, " "IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi))); error = EPFNOSUPPORT; goto bad; @@ -400,7 +397,7 @@ ipcomp_output( IPCOMPSTAT_INC(ipcomps_toobig); DPRINTF(("%s: packet in IPCA %s/%08lx got too big " "(len %u, max len %u)\n", __func__, - ipsec_address(&sav->sah->saidx.dst), + ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi), ralen + skip + IPCOMP_HLENGTH, maxpacketsize)); error = EMSGSIZE; @@ -414,8 +411,8 @@ ipcomp_output( if (m == NULL) { IPCOMPSTAT_INC(ipcomps_hdrops); DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n", - __func__, ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); error = ENOBUFS; goto bad; } @@ -482,6 +479,7 @@ bad: static int ipcomp_output_cb(struct cryptop *crp) { + char buf[INET6_ADDRSTRLEN]; struct tdb_crypto *tc; struct ipsecrequest *isr; struct secasvar *sav; @@ -539,8 +537,8 @@ ipcomp_output_cb(struct cryptop *crp) if (mo == NULL) { IPCOMPSTAT_INC(ipcomps_wrap); DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n", - __func__, ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + __func__, ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); error = ENOBUFS; goto bad; } @@ -586,8 +584,8 @@ ipcomp_output_cb(struct cryptop *crp) DPRINTF(("%s: unknown/unsupported protocol " "family %d, IPCA %s/%08lx\n", __func__, sav->sah->saidx.dst.sa.sa_family, - ipsec_address(&sav->sah->saidx.dst), - (u_long) ntohl(sav->spi))); + ipsec_address(&sav->sah->saidx.dst, buf, + sizeof(buf)), (u_long) ntohl(sav->spi))); error = EPFNOSUPPORT; goto bad; } |