Change ipsec_address() and ipsec_logsastr() functions to take two

additional arguments - buffer and size of this buffer. ipsec_address() is used to convert sockaddr structure to presentation format. The IPv6 part of this function returns pointer to the on-stack buffer and at the moment when it will be used by caller, it becames invalid. IPv4 version uses 4 static buffers and returns pointer to new buffer each time when it called. But anyway it is still possible to get corrupted data when several threads will use this function. ipsec_logsastr() is used to format string about SA entry. It also uses static buffer and has the same problem with concurrent threads. To fix these problems add the buffer pointer and size of this buffer to arguments. Now each caller will pass buffer and its size to these functions. Also convert all places where these functions are used (except disabled code). And now ipsec_address() uses inet_ntop() function from libkern. PR: 185996 Differential Revision: https://reviews.freebsd.org/D2321 Reviewed by: gnn Sponsored by: Yandex LLC
2015-04-18 16:58:33 +00:00 · 2015-04-18 16:58:33 +00:00 · 962ac6c727
commit 962ac6c727
parent 1d3b268c04
7 changed files with 104 additions and 131 deletions
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@ -1488,6 +1488,7 @@ ipsec_chkreplay(u_int32_t seq, struct secasvar *sav)
 int
 ipsec_updatereplay(u_int32_t seq, struct secasvar *sav)
 {
 	char buf[128];
 	struct secreplay *replay;
 	u_int32_t diff;
 	int fr;
@ -1567,7 +1568,8 @@ ok:
 			return (1);
 		ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n",
-		    __func__, replay->overflow, ipsec_logsastr(sav)));
+		    __func__, replay->overflow,
 		    ipsec_logsastr(sav, buf, sizeof(buf))));
 	}
 	replay->count++;
@ -1598,67 +1600,37 @@ vshiftl(unsigned char *bitmap, int nbit, int wsize)
 	}
 }
 #ifdef INET
 /* Return a printable string for the IPv4 address. */
 static char *
 inet_ntoa4(struct in_addr ina)
 {
 	static char buf[4][4 * sizeof "123" + 4];
 	unsigned char *ucp = (unsigned char *) &ina;
 	static int i = 3;
 	/* XXX-BZ Returns static buffer. */
 	i = (i + 1) % 4;
 	sprintf(buf[i], "%d.%d.%d.%d", ucp[0] & 0xff, ucp[1] & 0xff,
 	    ucp[2] & 0xff, ucp[3] & 0xff);
 	return (buf[i]);
 }
 #endif
 /* Return a printable string for the address. */
-char *
+char*
-ipsec_address(union sockaddr_union* sa)
+ipsec_address(union sockaddr_union* sa, char *buf, socklen_t size)
 {
 #ifdef INET6
 	char ip6buf[INET6_ADDRSTRLEN];
 #endif
 	switch (sa->sa.sa_family) {
 #ifdef INET
 	case AF_INET:
-		return (inet_ntoa4(sa->sin.sin_addr));
+		return (inet_ntop(AF_INET, &sa->sin.sin_addr, buf, size));
 #endif /* INET */
 #ifdef INET6
 	case AF_INET6:
-		return (ip6_sprintf(ip6buf, &sa->sin6.sin6_addr));
+		return (inet_ntop(AF_INET6, &sa->sin6.sin6_addr, buf, size));
 #endif /* INET6 */
 	default:
 		return ("(unknown address family)");
 	}
 }
-const char *
+char *
-ipsec_logsastr(struct secasvar *sav)
+ipsec_logsastr(struct secasvar *sav, char *buf, size_t size)
 {
-	static char buf[256];
+	char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
 	char *p;
 	struct secasindex *saidx = &sav->sah->saidx;
-	IPSEC_ASSERT(saidx->src.sa.sa_family == saidx->dst.sa.sa_family,
+	IPSEC_ASSERT(sav->sah->saidx.src.sa.sa_family ==
-		("address family mismatch"));
+	    sav->sah->saidx.dst.sa.sa_family, ("address family mismatch"));
 	p = buf;
 	snprintf(buf, sizeof(buf), "SA(SPI=%u ", (u_int32_t)ntohl(sav->spi));
 	while (p && *p)
 		p++;
 	/* NB: only use ipsec_address on one address at a time. */
 	snprintf(p, sizeof (buf) - (p - buf), "src=%s ",
 		ipsec_address(&saidx->src));
 	while (p && *p)
 		p++;
 	snprintf(p, sizeof (buf) - (p - buf), "dst=%s)",
 		ipsec_address(&saidx->dst));
 	snprintf(buf, size, "SA(SPI=%08lx src=%s dst=%s)",
 	    (u_long)ntohl(sav->spi),
 	    ipsec_address(&sav->sah->saidx.src, sbuf, sizeof(sbuf)),
 	    ipsec_address(&sav->sah->saidx.dst, dbuf, sizeof(dbuf)));
 	return (buf);
 }
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@ -327,8 +327,8 @@ extern size_t ipsec_hdrsiz(struct mbuf *, u_int, struct inpcb *);
 extern size_t ipsec_hdrsiz_tcp(struct tcpcb *);
 union sockaddr_union;
-extern char * ipsec_address(union sockaddr_union* sa);
+extern char *ipsec_address(union sockaddr_union *, char *, socklen_t);
-extern const char *ipsec_logsastr(struct secasvar *);
+extern char *ipsec_logsastr(struct secasvar *, char *, size_t);
 extern void ipsec_dumpmbuf(struct mbuf *);
--- a/sys/netipsec/ipsec_input.c
+++ b/sys/netipsec/ipsec_input.c
@ -121,6 +121,7 @@ static void ipsec4_common_ctlinput(int, struct sockaddr *, void *, int);
 static int
 ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
 {
 	char buf[INET6_ADDRSTRLEN];
 	union sockaddr_union dst_address;
 	struct secasvar *sav;
 	u_int32_t spi;
@ -215,8 +216,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
 	sav = KEY_ALLOCSA(&dst_address, sproto, spi);
 	if (sav == NULL) {
 		DPRINTF(("%s: no key association found for SA %s/%08lx/%u\n",
-			  __func__, ipsec_address(&dst_address),
+		    __func__, ipsec_address(&dst_address, buf, sizeof(buf)),
-			  (u_long) ntohl(spi), sproto));
+		    (u_long) ntohl(spi), sproto));
 		IPSEC_ISTAT(sproto, notdb);
 		m_freem(m);
 		return ENOENT;
@ -224,8 +225,8 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto)
 	if (sav->tdb_xform == NULL) {
 		DPRINTF(("%s: attempted to use uninitialized SA %s/%08lx/%u\n",
-			 __func__, ipsec_address(&dst_address),
+		    __func__, ipsec_address(&dst_address, buf, sizeof(buf)),
-			 (u_long) ntohl(spi), sproto));
+		    (u_long) ntohl(spi), sproto));
 		IPSEC_ISTAT(sproto, noxform);
 		KEY_FREESAV(&sav);
 		m_freem(m);
@ -327,6 +328,7 @@ int
 ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
    int protoff)
 {
 	char buf[INET6_ADDRSTRLEN];
 	int prot, af, sproto, isr_prot;
 	struct ip *ip;
 	struct m_tag *mtag;
@ -365,8 +367,8 @@ ipsec4_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
 		 */
 		if (m->m_len < skip && (m = m_pullup(m, skip)) == NULL) {
 			DPRINTF(("%s: processing failed for SA %s/%08lx\n",
-			    __func__, ipsec_address(&sav->sah->saidx.dst),
+			    __func__, ipsec_address(&sav->sah->saidx.dst,
-			    (u_long) ntohl(sav->spi)));
+			    buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
 			IPSEC_ISTAT(sproto, hdrops);
 			error = ENOBUFS;
 			goto bad;
@ -622,6 +624,7 @@ int
 ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
    int protoff)
 {
 	char buf[INET6_ADDRSTRLEN];
 	int prot, af, sproto;
 	struct ip6_hdr *ip6;
 	struct m_tag *mtag;
@ -658,8 +661,8 @@ ipsec6_common_input_cb(struct mbuf *m, struct secasvar *sav, int skip,
 	    (m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
 		DPRINTF(("%s: processing failed for SA %s/%08lx\n",
-		    __func__, ipsec_address(&sav->sah->saidx.dst),
+		    __func__, ipsec_address(&sav->sah->saidx.dst, buf,
-		    (u_long) ntohl(sav->spi)));
+		    sizeof(buf)), (u_long) ntohl(sav->spi)));
 		IPSEC_ISTAT(sproto, hdrops);
 		error = EACCES;
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@ -529,6 +529,7 @@ ipsec_encap(struct mbuf **mp, struct secasindex *saidx)
 int
 ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr)
 {
 	char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
 	union sockaddr_union *dst;
 	struct secasindex saidx;
 	struct secasvar *sav;
@ -579,9 +580,10 @@ ipsec4_process_packet(struct mbuf *m, struct ipsecrequest *isr)
 		if (error != 0) {
 			DPRINTF(("%s: encapsulation for SA %s->%s "
 			    "SPI 0x%08x failed with error %d\n", __func__,
-			    ipsec_address(&sav->sah->saidx.src),
+			    ipsec_address(&sav->sah->saidx.src, sbuf,
-			    ipsec_address(&sav->sah->saidx.dst),
+				sizeof(sbuf)),
-			    ntohl(sav->spi), error));
+			    ipsec_address(&sav->sah->saidx.dst, dbuf,
 				sizeof(dbuf)), ntohl(sav->spi), error));
 			goto bad;
 		}
 	}
@ -650,11 +652,9 @@ in6_sa_equal_addrwithscope(const struct sockaddr_in6 *sa, const struct in6_addr
 * IPsec output logic for IPv6.
 */
 int
-ipsec6_process_packet(
+ipsec6_process_packet(struct mbuf *m, struct ipsecrequest *isr)
 	struct mbuf *m,
 	struct ipsecrequest *isr
    )
 {
 	char sbuf[INET6_ADDRSTRLEN], dbuf[INET6_ADDRSTRLEN];
 	struct secasindex saidx;
 	struct secasvar *sav;
 	struct ip6_hdr *ip6;
@ -704,9 +704,10 @@ ipsec6_process_packet(
 		if (error != 0) {
 			DPRINTF(("%s: encapsulation for SA %s->%s "
 			    "SPI 0x%08x failed with error %d\n", __func__,
-			    ipsec_address(&sav->sah->saidx.src),
+			    ipsec_address(&sav->sah->saidx.src, sbuf,
-			    ipsec_address(&sav->sah->saidx.dst),
+				sizeof(sbuf)),
-			    ntohl(sav->spi), error));
+			    ipsec_address(&sav->sah->saidx.dst, dbuf,
 				sizeof(dbuf)), ntohl(sav->spi), error));
 			goto bad;
 		}
 	}
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@ -567,6 +567,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
 static int
 ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 {
 	char buf[128];
 	struct auth_hash *ahx;
 	struct tdb_crypto *tc;
 	struct newah *ah;
@ -596,7 +597,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) {
 		AHSTAT_INC(ahs_replay);
 		DPRINTF(("%s: packet replay failure: %s\n", __func__,
-			  ipsec_logsastr(sav)));
+		    ipsec_logsastr(sav, buf, sizeof(buf))));
 		m_freem(m);
 		return ENOBUFS;
 	}
@ -607,10 +608,10 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	authsize = AUTHSIZE(sav);
 	if (hl != authsize + rplen - sizeof (struct ah)) {
 		DPRINTF(("%s: bad authenticator length %u (expecting %lu)"
-			" for packet in SA %s/%08lx\n", __func__,
+		    " for packet in SA %s/%08lx\n", __func__, hl,
-			hl, (u_long) (authsize + rplen - sizeof (struct ah)),
+		    (u_long) (authsize + rplen - sizeof (struct ah)),
-			ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
-			(u_long) ntohl(sav->spi)));
+		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_badauthl);
 		m_freem(m);
 		return EACCES;
@ -695,6 +696,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 static int
 ah_input_cb(struct cryptop *crp)
 {
 	char buf[INET6_ADDRSTRLEN];
 	int rplen, error, skip, protoff;
 	unsigned char calc[AH_ALEN_MAX];
 	struct mbuf *m;
@ -764,7 +766,7 @@ ah_input_cb(struct cryptop *crp)
 	if (bcmp(ptr + skip + rplen, calc, authsize)) {
 		DPRINTF(("%s: authentication hash mismatch for packet "
 		    "in SA %s/%08lx\n", __func__,
-		    ipsec_address(&saidx->dst),
+		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_badauth);
 		error = EACCES;
@ -803,8 +805,8 @@ ah_input_cb(struct cryptop *crp)
 	error = m_striphdr(m, skip, rplen + authsize);
 	if (error) {
 		DPRINTF(("%s: mangled mbuf chain for SA %s/%08lx\n", __func__,
-		    ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
+		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
-
+		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_hdrops);
 		goto bad;
 	}
@ -843,13 +845,10 @@ bad:
 * AH output routine, called by ipsec[46]_process_packet().
 */
 static int
-ah_output(
+ah_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
-	struct mbuf *m,
+    int skip, int protoff)
 	struct ipsecrequest *isr,
 	struct mbuf **mp,
 	int skip,
 	int protoff)
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct secasvar *sav;
 	struct auth_hash *ahx;
 	struct cryptodesc *crda;
@ -887,7 +886,7 @@ ah_output(
 		DPRINTF(("%s: unknown/unsupported protocol family %u, "
 		    "SA %s/%08lx\n", __func__,
 		    sav->sah->saidx.dst.sa.sa_family,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_nopf);
 		error = EPFNOSUPPORT;
@ -897,7 +896,7 @@ ah_output(
 	if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) {
 		DPRINTF(("%s: packet in SA %s/%08lx got too big "
 		    "(len %u, max len %u)\n", __func__,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi),
 		    rplen + authsize + m->m_pkthdr.len, maxpacketsize));
 		AHSTAT_INC(ahs_toobig);
@ -911,7 +910,7 @@ ah_output(
 	m = m_unshare(m, M_NOWAIT);
 	if (m == NULL) {
 		DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_hdrops);
 		error = ENOBUFS;
@ -924,7 +923,7 @@ ah_output(
 		DPRINTF(("%s: failed to inject %u byte AH header for SA "
 		    "%s/%08lx\n", __func__,
 		    rplen + authsize,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		AHSTAT_INC(ahs_hdrops);		/*XXX differs from openbsd */
 		error = ENOBUFS;
@ -951,9 +950,8 @@ ah_output(
 		if (sav->replay->count == ~0 &&
 		    (sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
 			DPRINTF(("%s: replay counter wrapped for SA %s/%08lx\n",
-				__func__,
+			    __func__, ipsec_address(&sav->sah->saidx.dst, buf,
-				ipsec_address(&sav->sah->saidx.dst),
+			    sizeof(buf)), (u_long) ntohl(sav->spi)));
 				(u_long) ntohl(sav->spi)));
 			AHSTAT_INC(ahs_wrap);
 			error = EINVAL;
 			goto bad;
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@ -268,6 +268,7 @@ esp_zeroize(struct secasvar *sav)
 static int
 esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 {
 	char buf[128];
 	struct auth_hash *esph;
 	struct enc_xform *espx;
 	struct tdb_crypto *tc;
@ -326,9 +327,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	if ((plen & (espx->blocksize - 1)) || (plen <= 0)) {
 		DPRINTF(("%s: payload of %d octets not a multiple of %d octets,"
 		    "  SA %s/%08lx\n", __func__,
-		    plen, espx->blocksize,
+		    plen, espx->blocksize, ipsec_address(&sav->sah->saidx.dst,
-		    ipsec_address(&sav->sah->saidx.dst),
+			buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
 		    (u_long) ntohl(sav->spi)));
 		ESPSTAT_INC(esps_badilen);
 		m_freem(m);
 		return EINVAL;
@ -340,7 +340,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 	if (esph != NULL && sav->replay != NULL &&
 	    !ipsec_chkreplay(ntohl(esp->esp_seq), sav)) {
 		DPRINTF(("%s: packet replay check for %s\n", __func__,
-		    ipsec_logsastr(sav)));	/*XXX*/
+		    ipsec_logsastr(sav, buf, sizeof(buf))));	/*XXX*/
 		ESPSTAT_INC(esps_replay);
 		m_freem(m);
 		return ENOBUFS;		/*XXX*/
@ -431,6 +431,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 static int
 esp_input_cb(struct cryptop *crp)
 {
 	char buf[128];
 	u_int8_t lastthree[3], aalg[AH_HMAC_MAXHASHLEN];
 	int hlen, skip, protoff, error, alen;
 	struct mbuf *m;
@ -507,7 +508,7 @@ esp_input_cb(struct cryptop *crp)
 		if (bcmp(ptr, aalg, alen) != 0) {
 			DPRINTF(("%s: authentication hash mismatch for "
 			    "packet in SA %s/%08lx\n", __func__,
-			    ipsec_address(&saidx->dst),
+			    ipsec_address(&saidx->dst, buf, sizeof(buf)),
 			    (u_long) ntohl(sav->spi)));
 			ESPSTAT_INC(esps_badauth);
 			error = EACCES;
@ -537,7 +538,7 @@ esp_input_cb(struct cryptop *crp)
 			   sizeof (seq), (caddr_t) &seq);
 		if (ipsec_updatereplay(ntohl(seq), sav)) {
 			DPRINTF(("%s: packet replay check for %s\n", __func__,
-			    ipsec_logsastr(sav)));
+			    ipsec_logsastr(sav, buf, sizeof(buf))));
 			ESPSTAT_INC(esps_replay);
 			error = ENOBUFS;
 			goto bad;
@ -555,7 +556,7 @@ esp_input_cb(struct cryptop *crp)
 	if (error) {
 		ESPSTAT_INC(esps_hdrops);
 		DPRINTF(("%s: bad mbuf chain, SA %s/%08lx\n", __func__,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		goto bad;
 	}
@ -567,10 +568,10 @@ esp_input_cb(struct cryptop *crp)
 	if (lastthree[1] + 2 > m->m_pkthdr.len - skip) {
 		ESPSTAT_INC(esps_badilen);
 		DPRINTF(("%s: invalid padding length %d for %u byte packet "
-			"in SA %s/%08lx\n", __func__,
+		    "in SA %s/%08lx\n", __func__, lastthree[1],
-			 lastthree[1], m->m_pkthdr.len - skip,
+		    m->m_pkthdr.len - skip,
-			 ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
-			 (u_long) ntohl(sav->spi)));
+		    (u_long) ntohl(sav->spi)));
 		error = EINVAL;
 		goto bad;
 	}
@ -580,9 +581,9 @@ esp_input_cb(struct cryptop *crp)
 		if (lastthree[1] != lastthree[0] && lastthree[1] != 0) {
 			ESPSTAT_INC(esps_badenc);
 			DPRINTF(("%s: decryption failed for packet in "
-				"SA %s/%08lx\n", __func__,
+			    "SA %s/%08lx\n", __func__, ipsec_address(
-				ipsec_address(&sav->sah->saidx.dst),
+			    &sav->sah->saidx.dst, buf, sizeof(buf)),
-				(u_long) ntohl(sav->spi)));
+			    (u_long) ntohl(sav->spi)));
 			error = EINVAL;
 			goto bad;
 		}
@ -628,14 +629,10 @@ bad:
 * ESP output routine, called by ipsec[46]_process_packet().
 */
 static int
-esp_output(
+esp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
-	struct mbuf *m,
+    int skip, int protoff)
 	struct ipsecrequest *isr,
 	struct mbuf **mp,
 	int skip,
 	int protoff
 )
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct enc_xform *espx;
 	struct auth_hash *esph;
 	int hlen, rlen, padding, blks, alen, i, roff;
@ -703,8 +700,8 @@ esp_output(
 	default:
 		DPRINTF(("%s: unknown/unsupported protocol "
 		    "family %d, SA %s/%08lx\n", __func__,
-		    saidx->dst.sa.sa_family, ipsec_address(&saidx->dst),
+		    saidx->dst.sa.sa_family, ipsec_address(&saidx->dst,
-		    (u_long) ntohl(sav->spi)));
+			buf, sizeof(buf)), (u_long) ntohl(sav->spi)));
 		ESPSTAT_INC(esps_nopf);
 		error = EPFNOSUPPORT;
 		goto bad;
@ -712,7 +709,8 @@ esp_output(
 	if (skip + hlen + rlen + padding + alen > maxpacketsize) {
 		DPRINTF(("%s: packet in SA %s/%08lx got too big "
 		    "(len %u, max len %u)\n", __func__,
-		    ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi),
+		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi),
 		    skip + hlen + rlen + padding + alen, maxpacketsize));
 		ESPSTAT_INC(esps_toobig);
 		error = EMSGSIZE;
@ -725,7 +723,8 @@ esp_output(
 	m = m_unshare(m, M_NOWAIT);
 	if (m == NULL) {
 		DPRINTF(("%s: cannot clone mbuf chain, SA %s/%08lx\n", __func__,
-		    ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
+		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		ESPSTAT_INC(esps_hdrops);
 		error = ENOBUFS;
 		goto bad;
@ -735,8 +734,8 @@ esp_output(
 	mo = m_makespace(m, skip, hlen, &roff);
 	if (mo == NULL) {
 		DPRINTF(("%s: %u byte ESP hdr inject failed for SA %s/%08lx\n",
-		    __func__, hlen, ipsec_address(&saidx->dst),
+		    __func__, hlen, ipsec_address(&saidx->dst, buf,
-		    (u_long) ntohl(sav->spi)));
+		    sizeof(buf)), (u_long) ntohl(sav->spi)));
 		ESPSTAT_INC(esps_hdrops);		/* XXX diffs from openbsd */
 		error = ENOBUFS;
 		goto bad;
@ -765,7 +764,8 @@ esp_output(
 	pad = (u_char *) m_pad(m, padding + alen);
 	if (pad == NULL) {
 		DPRINTF(("%s: m_pad failed for SA %s/%08lx\n", __func__,
-		    ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi)));
+		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		m = NULL;		/* NB: free'd by m_pad */
 		error = ENOBUFS;
 		goto bad;
@ -876,6 +876,7 @@ bad:
 static int
 esp_output_cb(struct cryptop *crp)
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct tdb_crypto *tc;
 	struct ipsecrequest *isr;
 	struct secasvar *sav;
@ -893,7 +894,7 @@ esp_output_cb(struct cryptop *crp)
 	if (sav != isr->sav) {
 		ESPSTAT_INC(esps_notdb);
 		DPRINTF(("%s: SA gone during crypto (SA %s/%08lx proto %u)\n",
-		    __func__, ipsec_address(&tc->tc_dst),
+		    __func__, ipsec_address(&tc->tc_dst, buf, sizeof(buf)),
 		    (u_long) ntohl(tc->tc_spi), tc->tc_proto));
 		error = ENOBUFS;		/*XXX*/
 		goto bad;
--- a/sys/netipsec/xform_ipcomp.c
+++ b/sys/netipsec/xform_ipcomp.c
@ -224,6 +224,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
 static int
 ipcomp_input_cb(struct cryptop *crp)
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct cryptodesc *crd;
 	struct tdb_crypto *tc;
 	int skip, protoff;
@ -298,8 +299,8 @@ ipcomp_input_cb(struct cryptop *crp)
 	if (error) {
 		IPCOMPSTAT_INC(ipcomps_hdrops);
 		DPRINTF(("%s: bad mbuf chain, IPCA %s/%08lx\n", __func__,
-			 ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
-			 (u_long) ntohl(sav->spi)));
+		    (u_long) ntohl(sav->spi)));
 		goto bad;
 	}
@ -340,14 +341,10 @@ bad:
 * IPComp output routine, called by ipsec[46]_process_packet()
 */
 static int
-ipcomp_output(
+ipcomp_output(struct mbuf *m, struct ipsecrequest *isr, struct mbuf **mp,
-	struct mbuf *m,
+    int skip, int protoff)
 	struct ipsecrequest *isr,
 	struct mbuf **mp,
 	int skip,
 	int protoff
 )
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct secasvar *sav;
 	struct comp_algo *ipcompx;
 	int error, ralen, maxpacketsize;
@ -391,7 +388,7 @@ ipcomp_output(
 		DPRINTF(("%s: unknown/unsupported protocol family %d, "
 		    "IPCA %s/%08lx\n", __func__,
 		    sav->sah->saidx.dst.sa.sa_family,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi)));
 		error = EPFNOSUPPORT;
 		goto bad;
@ -400,7 +397,7 @@ ipcomp_output(
 		IPCOMPSTAT_INC(ipcomps_toobig);
 		DPRINTF(("%s: packet in IPCA %s/%08lx got too big "
 		    "(len %u, max len %u)\n", __func__,
-		    ipsec_address(&sav->sah->saidx.dst),
+		    ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
 		    (u_long) ntohl(sav->spi),
 		    ralen + skip + IPCOMP_HLENGTH, maxpacketsize));
 		error = EMSGSIZE;
@ -414,8 +411,8 @@ ipcomp_output(
 	if (m == NULL) {
 		IPCOMPSTAT_INC(ipcomps_hdrops);
 		DPRINTF(("%s: cannot clone mbuf chain, IPCA %s/%08lx\n",
-		    __func__, ipsec_address(&sav->sah->saidx.dst),
+		    __func__, ipsec_address(&sav->sah->saidx.dst, buf,
-		    (u_long) ntohl(sav->spi)));
+		    sizeof(buf)), (u_long) ntohl(sav->spi)));
 		error = ENOBUFS;
 		goto bad;
 	}
@ -482,6 +479,7 @@ bad:
 static int
 ipcomp_output_cb(struct cryptop *crp)
 {
 	char buf[INET6_ADDRSTRLEN];
 	struct tdb_crypto *tc;
 	struct ipsecrequest *isr;
 	struct secasvar *sav;
@ -539,8 +537,8 @@ ipcomp_output_cb(struct cryptop *crp)
 		if (mo == NULL) {
 			IPCOMPSTAT_INC(ipcomps_wrap);
 			DPRINTF(("%s: IPCOMP header inject failed for IPCA %s/%08lx\n",
-			    __func__, ipsec_address(&sav->sah->saidx.dst),
+			    __func__, ipsec_address(&sav->sah->saidx.dst, buf,
-			    (u_long) ntohl(sav->spi)));
+			    sizeof(buf)), (u_long) ntohl(sav->spi)));
 			error = ENOBUFS;
 			goto bad;
 		}
@ -586,8 +584,8 @@ ipcomp_output_cb(struct cryptop *crp)
 			DPRINTF(("%s: unknown/unsupported protocol "
 			    "family %d, IPCA %s/%08lx\n", __func__,
 			    sav->sah->saidx.dst.sa.sa_family,
-			    ipsec_address(&sav->sah->saidx.dst),
+			    ipsec_address(&sav->sah->saidx.dst, buf,
-			    (u_long) ntohl(sav->spi)));
+				sizeof(buf)), (u_long) ntohl(sav->spi)));
 			error = EPFNOSUPPORT;
 			goto bad;
 		}