d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix possible double releasing for SA reference.

Browse Source 
This is missing part of r318734. When crypto subsystem returns error
the xform code handles an error independently.

PR:		221849
MFC after:	5 days
This commit is contained in:
ae 2017-09-01 11:51:07 +00:00
parent 4807d74429
commit 9c72745845
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/netipsec/udpencap.c
View File

@ -120,7 +120,7 @@ udp_ipsec_input(struct mbuf *m, int off, int af)
struct udphdr *udp;
struct ip *ip;
uint32_t spi;
int error, hlen;
int hlen;
/*
* Just return if packet doesn't have enough data.
@ -205,10 +205,7 @@ udp_ipsec_input(struct mbuf *m, int off, int af)
* will do this anyway, so don't touch them here.
*/
ESPSTAT_INC(esps_input);
error = (*sav->tdb_xform->xf_input)(m, sav, hlen, off);
if (error != 0)
key_freesav(&sav);
(*sav->tdb_xform->xf_input)(m, sav, hlen, off);
return (EINPROGRESS); /* Consumed by IPsec. */
}