netdev
[Top] [All Lists]

Re: [PATCH][IPsec] fix process of error from crypto module

To: kazunori@xxxxxxxxxxxx (MIYAZAWA Kazunori)
Subject: Re: [PATCH][IPsec] fix process of error from crypto module
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Jan 2005 07:33:38 +1100
Cc: davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, usagi-core@xxxxxxxxxxxxxx
In-reply-to: <200501261910.20867.kazunori@xxxxxxxxxxxx>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686))
MIYAZAWA Kazunori <kazunori@xxxxxxxxxxxx> wrote:
> 
> This patch fixes the process under the case that the crypto module
> returns error because of its weak keys or etc.

Good catch.

> diff -ur a/net/ipv6/esp6.c b/net/ipv6/esp6.c
> --- a/net/ipv6/esp6.c 2004-12-25 06:35:01.000000000 +0900
> +++ b/net/ipv6/esp6.c 2005-01-26 18:57:04.000000000 +0900
> @@ -364,7 +364,8 @@
>    goto error;
>   get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
>  }
> - crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
> + if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
> +  goto error;
>  x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
>  if (x->props.mode)
>   x->props.header_len += sizeof(struct ipv6hdr);

You need to free esp->conf.ivec here.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

<Prev in Thread] Current Thread [Next in Thread>