Set SA's natt_type before calling key_mature() in key_add(),

as the SA may be used as soon as key_mature() has been done. Obtained from: NETASQ MFC after: 1 week
svn path=/head/; revision=207652
2010-05-05 08:58:58 +00:00 · 2010-05-05 08:58:58 +00:00 · 2e8d55c4e8 · 2020-12-20 02:59:44 +00:00
commit 2e8d55c4e8
parent 2d2a2083f7
1 changed files with 6 additions and 6 deletions
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@ -5422,12 +5422,6 @@ key_add(so, m, mhp)
 		return key_senderror(so, m, error);
 	}

-	/* check SA values to be mature. */
-	if ((error = key_mature(newsav)) != 0) {
-		KEY_FREESAV(&newsav);
-		return key_senderror(so, m, error);
-	}
-
 #ifdef IPSEC_NAT_T
 	/*
 	 * Handle more NAT-T info if present,
@ -5447,6 +5441,12 @@ key_add(so, m, mhp)
 #endif
 #endif

+	/* check SA values to be mature. */
+	if ((error = key_mature(newsav)) != 0) {
+		KEY_FREESAV(&newsav);
+		return key_senderror(so, m, error);
+	}
+
 	/*
 	 * don't call key_freesav() here, as we would like to keep the SA
 	 * in the database on success.