Received: with ECARTIS (v1.0.0; list netdev); Wed, 26 Jan 2005 12:35:08 -0800 (PST)
Received: from arnor.apana.org.au (mail@arnor.apana.org.au [203.14.152.115])
	by oss.sgi.com (8.13.0/8.13.0) with ESMTP id j0QKYv9V007617
	for <netdev@oss.sgi.com>; Wed, 26 Jan 2005 12:35:00 -0800
Received: from gondolin.me.apana.org.au ([192.168.0.6] ident=mail)
	by arnor.apana.org.au with esmtp (Exim 3.35 #1 (Debian))
	id 1Cttrg-0001be-00; Thu, 27 Jan 2005 07:34:12 +1100
Received: from herbert by gondolin.me.apana.org.au with local (Exim 3.36 #1 (Debian))
	id 1Cttr8-0005S6-00; Thu, 27 Jan 2005 07:33:38 +1100
From: Herbert Xu <herbert@gondor.apana.org.au>
To: kazunori@miyazawa.org (MIYAZAWA Kazunori)
Subject: Re: [PATCH][IPsec] fix process of error from crypto module
Cc: davem@davemloft.net, netdev@oss.sgi.com, usagi-core@linux-ipv6.org
Organization: Core
In-Reply-To: <200501261910.20867.kazunori@miyazawa.org>
X-Newsgroups: apana.lists.os.linux.netdev
User-Agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686))
Message-Id: <E1Cttr8-0005S6-00@gondolin.me.apana.org.au>
Date: Thu, 27 Jan 2005 07:33:38 +1100
X-Virus-Scanned: ClamAV 0.80/650/Sun Jan  2 19:00:02 2005
	clamav-milter version 0.80j
	on 127.0.0.1
X-Virus-Status: Clean
X-archive-position: 825
X-ecartis-version: Ecartis v1.0.0
Sender: netdev-bounce@oss.sgi.com
Errors-to: netdev-bounce@oss.sgi.com
X-original-sender: herbert@gondor.apana.org.au
Precedence: bulk
X-list: netdev
Content-Length: 1024
Lines: 29

MIYAZAWA Kazunori <kazunori@miyazawa.org> wrote:
> 
> This patch fixes the process under the case that the crypto module
> returns error because of its weak keys or etc.

Good catch.

> diff -ur a/net/ipv6/esp6.c b/net/ipv6/esp6.c
> --- a/net/ipv6/esp6.c 2004-12-25 06:35:01.000000000 +0900
> +++ b/net/ipv6/esp6.c 2005-01-26 18:57:04.000000000 +0900
> @@ -364,7 +364,8 @@
>    goto error;
>   get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
>  }
> - crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
> + if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
> +  goto error;
>  x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
>  if (x->props.mode)
>   x->props.header_len += sizeof(struct ipv6hdr);

You need to free esp->conf.ivec here.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt