From: tobhe Date: Fri, 29 Sep 2023 18:45:42 +0000 (+0000) Subject: Make sure pfkeyv2_parsemessage() only returns 0 if the message was X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2f23249ef43c89a850e165246108676916eef4d5;p=openbsd Make sure pfkeyv2_parsemessage() only returns 0 if the message was successfully validated. Decline all messages from userland that contain errnos and remove unneeded special handling for type SADB_X_PROMISC. ok bluhm@ --- diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index edb1cc76c3a..ad1165162ab 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.61 2023/08/07 03:35:06 dlg Exp $ */ +/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.62 2023/09/29 18:45:42 tobhe Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -327,16 +327,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) } if (sadb_msg->sadb_msg_errno) { - if (left) { - DPRINTF("too-large error message"); - return (EINVAL); - } - return (0); - } - - if (sadb_msg->sadb_msg_type == SADB_X_PROMISC) { - DPRINTF("message type promiscuous"); - return (0); + DPRINTF("errno set"); + return (EINVAL); } allow = sadb_exts_allowed_in[sadb_msg->sadb_msg_type];