Update SA's NAT-T stuff before calling key_mature() in key_update(),
as SA may be used as soon as key_mature() has been called. Obtained from: NETASQ MFC after: 1 week
This commit is contained in:
parent
17f8390866
commit
33dc72ec8c
@ -5156,12 +5156,6 @@ key_update(so, m, mhp)
|
||||
return key_senderror(so, m, error);
|
||||
}
|
||||
|
||||
/* check SA values to be mature. */
|
||||
if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
|
||||
KEY_FREESAV(&sav);
|
||||
return key_senderror(so, m, 0);
|
||||
}
|
||||
|
||||
#ifdef IPSEC_NAT_T
|
||||
/*
|
||||
* Handle more NAT-T info if present,
|
||||
@ -5188,6 +5182,12 @@ key_update(so, m, mhp)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* check SA values to be mature. */
|
||||
if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
|
||||
KEY_FREESAV(&sav);
|
||||
return key_senderror(so, m, 0);
|
||||
}
|
||||
|
||||
{
|
||||
struct mbuf *n;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user