From 9044dcac492f914f628a705befa17e657a6e975a Mon Sep 17 00:00:00 2001
From: dyoung
Date: Fri, 16 Nov 2007 17:50:07 +0000
Subject: [PATCH] Note danger of dangling pointers.

---
 sys/netinet6/ipsec.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/sys/netinet6/ipsec.c b/sys/netinet6/ipsec.c
index c5fd0554fda1..49c201ecd03d 100644
--- a/sys/netinet6/ipsec.c
+++ b/sys/netinet6/ipsec.c
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.121 2007/07/10 18:25:50 christos Exp $ */
+/* $NetBSD: ipsec.c,v 1.122 2007/11/16 17:50:07 dyoung Exp $ */
 /* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
 /*
@@ -35,7 +35,7 @@
 */
 #include
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.121 2007/07/10 18:25:50 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.122 2007/11/16 17:50:07 dyoung Exp $");
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -2645,6 +2645,9 @@ ipsec4_output(struct ipsec_output_state *state, struct secpolicy *sp, int flags)
 goto bad;
 }
+ /* XXX state->dst will dangle if the rtentry goes
+ * away! I suggest sockaddr_dup()'ing it. --dyoung
+ */
 /* adjust state->dst if tunnel endpoint is offlink */
 if (state->ro->ro_rt->rt_flags & RTF_GATEWAY) {
 state->dst = state->ro->ro_rt->rt_gateway;
@@ -3019,8 +3022,7 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp,
 } u;
 sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0);
- rtcache_lookup(state->ro, &u.dst);
- if (state->ro->ro_rt == NULL) {
+ if (rtcache_lookup(state->ro, &u.dst) == NULL) {
 rtcache_free(state->ro);
 ip6stat.ip6s_noroute++;
 ipsec6stat.out_noroute++;
@@ -3028,6 +3030,9 @@ ipsec6_output_tunnel(struct ipsec_output_state *state, struct secpolicy *sp,
 goto bad;
 }
+ /* XXX state->dst will dangle if the rtentry goes
+ * away! I suggest sockaddr_dup()'ing it. --dyoung
+ */
 /* adjust state->dst if tunnel endpoint is offlink */
 if (state->ro->ro_rt->rt_flags & RTF_GATEWAY) {
 state->dst = state->ro->ro_rt->rt_gateway;
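Review bot: The new XXX comment in ipsec4_output (the hunk at -2645) names the use-after-free hazard but not its precise lifetime or who would own the proposed copy, which is what the person fixing it needs: `state->dst = state->ro->ro_rt->rt_gateway;` makes state->dst alias memory inside the rtentry held by state->ro, so it is valid only until that cache entry is freed or replaced by a later rtcache_free()/rtcache_lookup() on state->ro, and a sockaddr_dup()'d replacement would have to be released by whoever tears down the ipsec_output_state or the hazard becomes a per-packet leak. I would extend the comment to say so, e.g. `/* XXX state->dst aliases rt_gateway inside state->ro->ro_rt; valid only until state->ro is freed or re-looked-up. A sockaddr_dup() copy would need an owner that frees it. */`. The same comment is added verbatim in ipsec6_output_tunnel (the hunk at -3028) and should carry the same precision; whether the non-RTF_GATEWAY branch leaves state->dst pointing into route-owned memory as well cannot be seen from these hunks. Both enclosing functions begin and end outside the hunks.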