- m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has

to happen before the call to m_cat(). - correct signedness mixups. - remove variable that is only assigned too but not referenced. Obtained from: KAME
2003-11-15 06:18:09 +00:00 · 2003-11-15 06:18:09 +00:00 · fc8f306fc1
commit fc8f306fc1
parent c36bc21aa3
4 changed files with 14 additions and 20 deletions
--- a/sys/netinet6/ah_core.c
+++ b/sys/netinet6/ah_core.c
@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: ah_core.c,v 1.44 2001/03/12 11:24:39 itojun Exp $	*/
+/*	$KAME: ah_core.c,v 1.59 2003/07/25 10:17:14 itojun Exp $	*/

 /*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
--- a/sys/netinet6/ah_input.c
+++ b/sys/netinet6/ah_input.c
@ -494,9 +494,9 @@ ah4_input(m, off)
 				goto fail;
 			}
 			m_adj(n, stripsiz);
-			m_cat(m, n);
 			/* m_cat does not update m_pkthdr.len */
 			m->m_pkthdr.len += n->m_pkthdr.len;
+			m_cat(m, n);
 		}
 #endif

@ -803,10 +803,6 @@ ah6_input(mp, offp, proto)
 		flowinfo = ip6->ip6_flow;
 		m_adj(m, off + stripsiz);
 		if (m->m_len < sizeof(*ip6)) {
-			/*
-			 * m_pullup is prohibited in KAME IPv6 input processing
-			 * but there's no other way!
-			 */
 			m = m_pullup(m, sizeof(*ip6));
 			if (!m) {
 				ipsec6stat.in_inval++;
@ -899,9 +895,9 @@ ah6_input(mp, offp, proto)
 				goto fail;
 			}
 			m_adj(n, stripsiz);
-			m_cat(m, n);
 			/* m_cat does not update m_pkthdr.len */
 			m->m_pkthdr.len += n->m_pkthdr.len;
+			m_cat(m, n);
 		}
 #endif
 		ip6 = mtod(m, struct ip6_hdr *);
--- a/sys/netinet6/esp_core.c
+++ b/sys/netinet6/esp_core.c
@ -551,7 +551,7 @@ esp_3des_schedule(algo, sav)
 	int error;
 	des_key_schedule *p;
 	int i;
-	char *k;
+	u_int8_t *k;

 	p = (des_key_schedule *)sav->sched;
 	k = _KEYBUF(sav->key_enc);
@ -673,7 +673,7 @@ esp_cbc_decrypt(m, off, sav, algo, ivlen)
 	}

 	/* grab iv */
-	m_copydata(m, ivoff, ivlen, iv);
+	m_copydata(m, ivoff, ivlen, (caddr_t)iv);

 	/* extend iv */
 	if (ivlen == blocklen)
@ -878,11 +878,11 @@ esp_cbc_encrypt(m, off, plen, sav, algo, ivlen)

 	/* put iv into the packet.  if we are in derived mode, use seqno. */
 	if (derived)
-		m_copydata(m, ivoff, ivlen, iv);
+		m_copydata(m, ivoff, ivlen, (caddr_t)iv);
 	else {
 		bcopy(sav->iv, iv, ivlen);
 		/* maybe it is better to overwrite dest, not source */
-		m_copyback(m, ivoff, ivlen, iv);
+		m_copyback(m, ivoff, ivlen, (caddr_t)iv);
 	}

 	/* extend iv */
@ -945,7 +945,7 @@ esp_cbc_encrypt(m, off, plen, sav, algo, ivlen)
 			sp = mtod(s, u_int8_t *) + sn;
 		} else {
 			/* body is non-continuous */
-			m_copydata(s, sn, blocklen, sbuf);
+			m_copydata(s, sn, blocklen, (caddr_t)sbuf);
 			sp = sbuf;
 		}

--- a/sys/netinet6/esp_input.c
+++ b/sys/netinet6/esp_input.c
@ -116,7 +116,6 @@ esp4_input(m, off)
 	int ivlen;
 	size_t hlen;
 	size_t esplen;
-	int proto;

 	/* sanity check for alignment. */
 	if (off % 4 != 0 || m->m_pkthdr.len % 4 != 0) {
@ -137,7 +136,6 @@ esp4_input(m, off)
 	}

 	ip = mtod(m, struct ip *);
-	proto = ip->ip_p;
 	esp = (struct esp *)(((u_int8_t *)ip) + off);
 #ifdef _IP_VHL
 	hlen = IP_VHL_HL(ip->ip_vhl) << 2;
@ -208,8 +206,8 @@ esp4_input(m, off)

 	/* check ICV */
    {
-	u_char sum0[AH_MAXSUMSIZE];
-	u_char sum[AH_MAXSUMSIZE];
+	u_int8_t sum0[AH_MAXSUMSIZE];
+	u_int8_t sum[AH_MAXSUMSIZE];
 	const struct ah_algorithm *sumalgo;
 	size_t siz;

@ -229,7 +227,7 @@ esp4_input(m, off)
 		goto bad;
 	}

-	m_copydata(m, m->m_pkthdr.len - siz, siz, &sum0[0]);
+	m_copydata(m, m->m_pkthdr.len - siz, siz, (caddr_t)&sum0[0]);

 	if (esp_auth(m, off, m->m_pkthdr.len - off - siz, sav, sum)) {
 		ipseclog((LOG_WARNING, "auth fail in IPv4 ESP input: %s %s\n",
@ -590,7 +588,7 @@ esp6_input(mp, offp, proto)
 		goto bad;
 	}

-	m_copydata(m, m->m_pkthdr.len - siz, siz, &sum0[0]);
+	m_copydata(m, m->m_pkthdr.len - siz, siz, (caddr_t)&sum0[0]);

 	if (esp_auth(m, off, m->m_pkthdr.len - off - siz, sav, sum)) {
 		ipseclog((LOG_WARNING, "auth fail in IPv6 ESP input: %s %s\n",
@ -761,7 +759,7 @@ esp6_input(mp, offp, proto)
 		 * we can always compute checksum for AH correctly.
 		 */
 		size_t stripsiz;
-		char *prvnxtp;
+		u_int8_t *prvnxtp;

 		/*
 		 * Set the next header field of the previous header correctly.
@ -790,9 +788,9 @@ esp6_input(mp, offp, proto)
 				goto bad;
 			}
 			m_adj(n, stripsiz);
-			m_cat(m, n);
 			/* m_cat does not update m_pkthdr.len */
 			m->m_pkthdr.len += n->m_pkthdr.len;
+			m_cat(m, n);
 		}

 #ifndef PULLDOWN_TEST