Update SA's NAT-T stuff before calling key_mature() in key_update(),

as SA may be used as soon as key_mature() has been called.

Obtained from:	NETASQ
MFC after: 1 week
This commit is contained in:
vanhu 2010-05-05 08:55:26 +00:00
parent 17f8390866
commit 33dc72ec8c

View File

@ -5156,12 +5156,6 @@ key_update(so, m, mhp)
return key_senderror(so, m, error);
}
/* check SA values to be mature. */
if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
KEY_FREESAV(&sav);
return key_senderror(so, m, 0);
}
#ifdef IPSEC_NAT_T
/*
* Handle more NAT-T info if present,
@ -5188,6 +5182,12 @@ key_update(so, m, mhp)
#endif
#endif
/* check SA values to be mature. */
if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
KEY_FREESAV(&sav);
return key_senderror(so, m, 0);
}
{
struct mbuf *n;