When IPSEC fails to allocate policy state for an inpcb, and MAC is in use,

free the MAC label on the inpcb before freeing the inpcb. MFC after: 3 days Submitted by: tanyong <tanyong at ercist dot iscas dot ac dot cn>, zhouzhouyi
2007-12-22 10:06:11 +00:00 · 2007-12-22 10:06:11 +00:00 · 0bffde27b2
commit 0bffde27b2
parent 6829a5c59e
1 changed files with 5 additions and 1 deletions
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@ -197,8 +197,12 @@ in_pcballoc(struct socket *so, struct inpcbinfo *pcbinfo)

 #ifdef IPSEC
 	error = ipsec_init_policy(so, &inp->inp_sp);
-	if (error != 0)
+	if (error != 0) {
+#ifdef MAC
+		mac_inpcb_destroy(inp);
+#endif
 		goto out;
+}
 #endif /*IPSEC*/
 #ifdef INET6
 	if (INP_SOCKAF(so) == AF_INET6) {