d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Treat errors when retrieving security policy as policy violation.

Browse Source 
Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
This commit is contained in:
Andrey V. Elsukov 2014-12-11 18:46:11 +00:00
parent e65ada3e3c
commit a91150da31
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/netipsec/ipsec.c
View File

@ -1265,6 +1265,9 @@ ipsec_in_reject(struct secpolicy *sp, struct mbuf *m)
return (0); /* Valid. */
}
/*
* Non zero return value means security policy DISCARD or policy violation.
*/
static int
ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
{
@ -1284,8 +1287,7 @@ ipsec46_in_reject(struct mbuf *m, struct inpcb *inp)
result = ipsec_in_reject(sp, m);
KEY_FREESP(&sp);
} else {
result = 0; /* XXX Should be panic?
* -> No, there may be error. */
result = 1; /* treat errors as policy violation */
}
return (result);
}