Date: Thu, 18 Feb 2016 19:35:20 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 207312] Useless check in netipsec/key.c
Message-ID: <bug-207312-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207312

Bug ID: 207312
Summary: Useless check in netipsec/key.c
Product: Base System
Version: 10.2-STABLE
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: mi@FreeBSD.org
CC: ae@FreeBSD.org, sam@FreeBSD.org

Created attachment 167155
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=167155&action=edit
Remove a silly check, const-poison key-handling

The article at http://www.viva64.com/en/b/0377/ listed a problem with the KAME-derived code: the key_parse() function is comparing m->m_pkthdr.len with itself. We have had this line since 2002, when sam committed what was then known as the FAST_IPSEC option in base r105197.

The original KAME sources (https://github.com/kame/kame/) and NetBSD have this issue, but I could not find this code in OpenBSD cvs-repo online.

The minimal fix is to simply remove the useless check -- something the compiler must've been doing automatically ever since:

@@ -7245,9 +7245,8 @@ key_parse(struct mbuf *m, struct socket orglen =3D PFKEY_UNUNIT64(msg->sadb_msg_len); target =3D KEY_SENDUP_ONE; - if ((m->m_flags & M_PKTHDR) =3D=3D 0 || - m->m_pkthdr.len !=3D m->m_pkthdr.len) { - ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); + if ((m->m_flags & M_PKTHDR) =3D=3D 0) { + ipseclog((LOG_DEBUG, "%s: invalid message length.\n", __func__)); PFKEYSTAT_INC(out_invlen); error =3D EINVAL; goto senderror;

However, the attached patch goes further and adds "const-poisoning" to functions in netipsec/key.c and netipsec/keysock.c. Please, review.

--
You are receiving this mail because:
You are the assignee for the bug.
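
Review bot: in the key_parse() hunk, dropping the second half of the condition leaves no comparison of the mbuf packet length against anything, while the branch still logs "invalid message length" and increments out_invlen. orglen is computed from msg->sadb_msg_len two lines above the check, so the self-comparison looks like a typo for `m->m_pkthdr.len != orglen`; consider restoring that comparison instead of deleting it. If the length is already validated elsewhere, the log text and counter should be changed to describe the remaining M_PKTHDR test. The const-poisoning mentioned in the description would also be easier to review as a separate patch from this behavioural change.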