Fix a panic where if the mbuf was consumed by the filter for requeueing

(dummynet), ipsec_filter() would return the empty error code and the ipsec code would continue to forward/deference the null mbuf. Found by: m0n0wall Reviewed by: bz MFC after: 3 days
2007-12-26 08:41:58 +00:00 · 2007-12-26 08:41:58 +00:00 · e361d7d421
commit e361d7d421
parent a76b9b6973
1 changed files with 7 additions and 0 deletions
--- a/sys/net/if_enc.c
+++ b/sys/net/if_enc.c
@ -293,6 +293,13 @@ ipsec_filter(struct mbuf **mp, int dir, int flags)
 			printf("%s: unknown IP version\n", __func__);
 	}

+	/*
+	 * If the mbuf was consumed by the filter for requeueing (dummynet, etc)
+	 * then error will be zero but we still want to return an error to our
+	 * caller so the null mbuf isn't forwarded further.
+	 */
+	if (*mp == NULL && error == 0)
+		return (-1);	/* Consumed by the filter */
 	if (*mp == NULL)
 		return (error);
 	if (error != 0)