ipsec: fix edge case detection in key_getnewspid
Same comparison problem as in key_do_getnewspi. Reviewed by: ae Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D32827
This commit is contained in:
parent
2f35e7d9fa
commit
e469b16d0b
@ -2147,10 +2147,12 @@ key_getnewspid(void)
|
||||
{
|
||||
struct secpolicy *sp;
|
||||
uint32_t newid = 0;
|
||||
int count = V_key_spi_trycnt; /* XXX */
|
||||
int tries, limit;
|
||||
|
||||
SPTREE_WLOCK_ASSERT();
|
||||
while (count--) {
|
||||
|
||||
limit = atomic_load_int(&V_key_spi_trycnt);
|
||||
for (tries = 0; tries < limit; tries++) {
|
||||
if (V_policy_id == ~0) /* overflowed */
|
||||
newid = V_policy_id = 1;
|
||||
else
|
||||
@ -2162,7 +2164,7 @@ key_getnewspid(void)
|
||||
if (sp == NULL)
|
||||
break;
|
||||
}
|
||||
if (count == 0 || newid == 0) {
|
||||
if (tries == limit || newid == 0) {
|
||||
ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n",
|
||||
__func__));
|
||||
return (0);
|
||||
|
Loading…
Reference in New Issue
Block a user