| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: key.c,v 1.128 2017/05/16 07:25:57 ozaki-r Exp $ */ | | 1 | /* $NetBSD: key.c,v 1.129 2017/05/16 07:43:50 ozaki-r Exp $ */ |
2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ | | 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ | | 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
32 | */ | | 32 | */ |
33 | | | 33 | |
34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.128 2017/05/16 07:25:57 ozaki-r Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.129 2017/05/16 07:43:50 ozaki-r Exp $"); |
36 | | | 36 | |
37 | /* | | 37 | /* |
38 | * This code is referd to RFC 2367 | | 38 | * This code is referd to RFC 2367 |
39 | */ | | 39 | */ |
40 | | | 40 | |
41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
44 | #include "opt_gateway.h" | | 44 | #include "opt_gateway.h" |
45 | #endif | | 45 | #endif |
46 | | | 46 | |
47 | #include <sys/types.h> | | 47 | #include <sys/types.h> |
48 | #include <sys/param.h> | | 48 | #include <sys/param.h> |
| @@ -2919,26 +2919,31 @@ key_delsah(struct secashead *sah) | | | @@ -2919,26 +2919,31 @@ key_delsah(struct secashead *sah) |
2919 | | | 2919 | |
2920 | /* don't delete sah only if there are savs. */ | | 2920 | /* don't delete sah only if there are savs. */ |
2921 | if (zombie) { | | 2921 | if (zombie) { |
2922 | splx(s); | | 2922 | splx(s); |
2923 | return; | | 2923 | return; |
2924 | } | | 2924 | } |
2925 | | | 2925 | |
2926 | rtcache_free(&sah->sa_route); | | 2926 | rtcache_free(&sah->sa_route); |
2927 | | | 2927 | |
2928 | /* remove from tree of SA index */ | | 2928 | /* remove from tree of SA index */ |
2929 | if (__LIST_CHAINED(sah)) | | 2929 | if (__LIST_CHAINED(sah)) |
2930 | LIST_REMOVE(sah, chain); | | 2930 | LIST_REMOVE(sah, chain); |
2931 | | | 2931 | |
| | | 2932 | if (sah->idents != NULL) |
| | | 2933 | KFREE(sah->idents); |
| | | 2934 | if (sah->identd != NULL) |
| | | 2935 | KFREE(sah->identd); |
| | | 2936 | |
2932 | kmem_free(sah, sizeof(*sah)); | | 2937 | kmem_free(sah, sizeof(*sah)); |
2933 | | | 2938 | |
2934 | splx(s); | | 2939 | splx(s); |
2935 | return; | | 2940 | return; |
2936 | } | | 2941 | } |
2937 | | | 2942 | |
2938 | /* | | 2943 | /* |
2939 | * allocating a new SA with LARVAL state. key_add() and key_getspi() call, | | 2944 | * allocating a new SA with LARVAL state. key_add() and key_getspi() call, |
2940 | * and copy the values of mhp into new buffer. | | 2945 | * and copy the values of mhp into new buffer. |
2941 | * When SAD message type is GETSPI: | | 2946 | * When SAD message type is GETSPI: |
2942 | * to set sequence number from acq_seq++, | | 2947 | * to set sequence number from acq_seq++, |
2943 | * to set zero to SPI. | | 2948 | * to set zero to SPI. |
2944 | * not to call key_setsava(). | | 2949 | * not to call key_setsava(). |
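Review bot: The release of sah->idents and sah->identd added at new lines 2932-2935 is the same sequence key_setident() now performs on an existing sah, so the ownership rule for these two buffers lives in two places; a small static helper that frees both and resets them to NULL would keep the paths from drifting and make the invariant explicit. Here the pointers are left dangling inside the sah, which is harmless only because kmem_free(sah) follows immediately — worth a one-line comment if the helper is not adopted. Where idents/identd are allocated is not visible in this hunk, so the helper must pair with whatever allocator KFREE matches there. key_delsah() begins before this hunk; I am assuming the spl section closed by splx(s) at new line 2939 covers the new frees as it does the list removal.
```c
/* Release the identity extensions owned by sah (no-op when none). */
static void
key_freeidents(struct secashead *sah)
{
	if (sah->idents != NULL) {
		KFREE(sah->idents);
		sah->idents = NULL;
	}
	if (sah->identd != NULL) {
		KFREE(sah->identd);
		sah->identd = NULL;
	}
}

	/* … unchanged: zombie check, rtcache_free, LIST_REMOVE … */
	key_freeidents(sah);
	kmem_free(sah, sizeof(*sah));
```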
| @@ -5561,26 +5566,38 @@ key_add(struct socket *so, struct mbuf * | | | @@ -5561,26 +5566,38 @@ key_add(struct socket *so, struct mbuf * |
5561 | /* m is retained */ | | 5566 | /* m is retained */ |
5562 | static int | | 5567 | static int |
5563 | key_setident(struct secashead *sah, struct mbuf *m, | | 5568 | key_setident(struct secashead *sah, struct mbuf *m, |
5564 | const struct sadb_msghdr *mhp) | | 5569 | const struct sadb_msghdr *mhp) |
5565 | { | | 5570 | { |
5566 | const struct sadb_ident *idsrc, *iddst; | | 5571 | const struct sadb_ident *idsrc, *iddst; |
5567 | int idsrclen, iddstlen; | | 5572 | int idsrclen, iddstlen; |
5568 | | | 5573 | |
5569 | KASSERT(sah != NULL); | | 5574 | KASSERT(sah != NULL); |
5570 | KASSERT(m != NULL); | | 5575 | KASSERT(m != NULL); |
5571 | KASSERT(mhp != NULL); | | 5576 | KASSERT(mhp != NULL); |
5572 | KASSERT(mhp->msg != NULL); | | 5577 | KASSERT(mhp->msg != NULL); |
5573 | | | 5578 | |
| | | 5579 | /* |
| | | 5580 | * Can be called with an existing sah from key_update(). |
| | | 5581 | */ |
| | | 5582 | if (sah->idents != NULL) { |
| | | 5583 | KFREE(sah->idents); |
| | | 5584 | sah->idents = NULL; |
| | | 5585 | } |
| | | 5586 | if (sah->identd != NULL) { |
| | | 5587 | KFREE(sah->identd); |
| | | 5588 | sah->identd = NULL; |
| | | 5589 | } |
| | | 5590 | |
5574 | /* don't make buffer if not there */ | | 5591 | /* don't make buffer if not there */ |
5575 | if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && | | 5592 | if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && |
5576 | mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { | | 5593 | mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { |
5577 | sah->idents = NULL; | | 5594 | sah->idents = NULL; |
5578 | sah->identd = NULL; | | 5595 | sah->identd = NULL; |
5579 | return 0; | | 5596 | return 0; |
5580 | } | | 5597 | } |
5581 | | | 5598 | |
5582 | if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || | | 5599 | if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || |
5583 | mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { | | 5600 | mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { |
5584 | ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n")); | | 5601 | ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n")); |
5585 | return EINVAL; | | 5602 | return EINVAL; |
5586 | } | | 5603 | } |
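Review bot: Freeing the existing identities at new lines 5582-5589 before the message is validated means a rejected SADB_UPDATE — the EINVAL return at 5602, or any allocation failure in the part of key_setident() that continues past this hunk — now strips the identities from a live sah instead of leaving it as it was; if that is not intended, release the old buffers only after the new ones are in place, or state it on the function, e.g. `/* On any failure the existing sah is left without identities. */`. With the unconditional resets at 5584 and 5588, the assignments at 5594-5595 are now redundant and could be dropped. Whether a concurrent reader of sah->idents can observe the window between the free and the new assignment depends on what lock key_update() holds, which this hunk does not show.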