From ead5a0625d3c176c54d613b850462d3994d0c6c6 Mon Sep 17 00:00:00 2001 From: bluhm Date: Wed, 13 Oct 2021 14:36:31 +0000 Subject: [PATCH] The function ipip_output() was registered as .xf_output() xform function. But was is never called via this pointer. It would have immediatley crashed as mp is always NULL when called via .xf_output(). Do not set .xf_output to ipip_output. This allows to pass only the parameters which are actually needed and the control flow is clearer. OK mpi@ --- sys/netinet/ip_ah.c | 5 ++--- sys/netinet/ip_esp.c | 5 ++--- sys/netinet/ip_ipcomp.c | 5 ++--- sys/netinet/ip_ipip.c | 20 ++++++++++---------- sys/netinet/ip_ipip.h | 4 ++-- sys/netinet/ip_ipsp.c | 4 ++-- sys/netinet/ip_ipsp.h | 16 +++++++--------- sys/netinet/ipsec_output.c | 31 ++++++++++++------------------- sys/netinet/tcp_subr.c | 6 +++--- 9 files changed, 42 insertions(+), 54 deletions(-) diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 7c1197488dd..24bc3df1345 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.154 2021/07/27 17:13:03 mvs Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.155 2021/10/13 14:36:31 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -884,8 +884,7 @@ ah_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) * AH output routine, called by ipsp_process_packet(). */ int -ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, - int protoff) +ah_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff) { const struct auth_hash *ahx = tdb->tdb_authalgxform; struct cryptodesc *crda; diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 0ff7f0eb076..352b71d0b5d 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.172 2021/07/27 17:13:03 mvs Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.173 2021/10/13 14:36:31 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -740,8 +740,7 @@ esp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen) * ESP output routine, called by ipsp_process_packet(). */ int -esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, - int protoff) +esp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff) { const struct enc_xform *espx = tdb->tdb_encalgxform; const struct auth_hash *esph = tdb->tdb_authalgxform; diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index c42ee40f7b5..1e639ab7de4 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.74 2021/07/27 17:13:03 mvs Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.75 2021/10/13 14:36:31 bluhm Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -320,8 +320,7 @@ ipcomp_input_cb(struct tdb *tdb, struct tdb_crypto *tc, struct mbuf *m, int clen * IPComp output routine, called by ipsp_process_packet() */ int -ipcomp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, - int protoff) +ipcomp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff) { const struct comp_algo *ipcompx = tdb->tdb_compalgxform; int error, hlen; diff --git a/sys/netinet/ip_ipip.c b/sys/netinet/ip_ipip.c index 04a22479ae2..9760d920c81 100644 --- a/sys/netinet/ip_ipip.c +++ b/sys/netinet/ip_ipip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.c,v 1.94 2021/10/05 11:45:26 bluhm Exp $ */ +/* $OpenBSD: ip_ipip.c,v 1.95 2021/10/13 14:36:31 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -331,9 +331,9 @@ ipip_input_if(struct mbuf **mp, int *offp, int proto, int oaf, } int -ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, - int dummy2) +ipip_output(struct mbuf **mp, struct tdb *tdb) { + struct mbuf *m = *mp; u_int8_t tp, otos, itos; u_int64_t obytes; struct ip *ipo; @@ -366,13 +366,14 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, goto drop; } - M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); - if (m == NULL) { + M_PREPEND(*mp, sizeof(struct ip), M_DONTWAIT); + if (*mp == NULL) { DPRINTF("M_PREPEND failed"); ipipstat_inc(ipips_hdrops); error = ENOBUFS; goto drop; } + m = *mp; ipo = mtod(m, struct ip *); @@ -464,13 +465,14 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, ip6->ip6_dst.s6_addr16[1] = 0; } - M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT); - if (m == NULL) { + M_PREPEND(*mp, sizeof(struct ip6_hdr), M_DONTWAIT); + if (*mp == NULL) { DPRINTF("M_PREPEND failed"); ipipstat_inc(ipips_hdrops); error = ENOBUFS; goto drop; } + m = *mp; /* Initialize IPv6 header */ ip6o = mtod(m, struct ip6_hdr *); @@ -526,13 +528,11 @@ ipip_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int dummy, goto drop; } - *mp = m; ipipstat_pkt(ipips_opackets, ipips_obytes, obytes); return 0; drop: - m_freem(m); - *mp = NULL; + m_freemp(mp); return error; } diff --git a/sys/netinet/ip_ipip.h b/sys/netinet/ip_ipip.h index a45e88df24a..f9d04498444 100644 --- a/sys/netinet/ip_ipip.h +++ b/sys/netinet/ip_ipip.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipip.h,v 1.12 2021/10/05 11:45:26 bluhm Exp $ */ +/* $OpenBSD: ip_ipip.h,v 1.13 2021/10/13 14:36:31 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -115,7 +115,7 @@ struct tdb; void ipip_init(void); int ipip_input(struct mbuf **, int *, int, int); int ipip_input_if(struct mbuf **, int *, int, int, struct ifnet *); -int ipip_output(struct mbuf *, struct tdb *, struct mbuf **, int, int); +int ipip_output(struct mbuf **, struct tdb *); int ipip_sysctl(int *, u_int, void *, size_t *, void *, size_t); extern int ipip_allow; diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index ec8769ff0b7..3f1a5b55e1a 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.245 2021/09/29 22:08:13 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.246 2021/10/13 14:36:31 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -135,7 +135,7 @@ const struct xformsw xformsw[] = { .xf_init = ipe4_init, .xf_zeroize = ipe4_zeroize, .xf_input = ipe4_input, - .xf_output = ipip_output, + .xf_output = NULL, }, { .xf_type = XF_AH, diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index f1b236568f3..9bb39465b57 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.209 2021/10/05 11:45:26 bluhm Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.210 2021/10/13 14:36:31 bluhm Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -479,9 +479,8 @@ struct xformsw { int (*xf_init)(struct tdb *, const struct xformsw *, struct ipsecinit *); int (*xf_zeroize)(struct tdb *); /* termination */ - int (*xf_input)(struct mbuf *, struct tdb *, int, int); /* input */ - int (*xf_output)(struct mbuf *, struct tdb *, struct mbuf **, - int, int); /* output */ + int (*xf_input)(struct mbuf *, struct tdb *, int, int); + int (*xf_output)(struct mbuf *, struct tdb *, int, int); }; extern int ipsec_in_use; @@ -573,7 +572,7 @@ int ah_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int ah_zeroize(struct tdb *); int ah_input(struct mbuf *, struct tdb *, int, int); int ah_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int); -int ah_output(struct mbuf *, struct tdb *, struct mbuf **, int, int); +int ah_output(struct mbuf *, struct tdb *, int, int); int ah_output_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int, int); int ah_sysctl(int *, u_int, void *, size_t *, void *, size_t); @@ -592,7 +591,7 @@ int esp_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int esp_zeroize(struct tdb *); int esp_input(struct mbuf *, struct tdb *, int, int); int esp_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int); -int esp_output(struct mbuf *, struct tdb *, struct mbuf **, int, int); +int esp_output(struct mbuf *, struct tdb *, int, int); int esp_output_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int, int); int esp_sysctl(int *, u_int, void *, size_t *, void *, size_t); @@ -610,7 +609,7 @@ int ipcomp_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int ipcomp_zeroize(struct tdb *); int ipcomp_input(struct mbuf *, struct tdb *, int, int); int ipcomp_input_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int); -int ipcomp_output(struct mbuf *, struct tdb *, struct mbuf **, int, int); +int ipcomp_output(struct mbuf *, struct tdb *, int, int); int ipcomp_output_cb(struct tdb *, struct tdb_crypto *, struct mbuf *, int, int); int ipcomp_sysctl(int *, u_int, void *, size_t *, void *, size_t); @@ -625,8 +624,7 @@ int tcp_signature_tdb_init(struct tdb *, const struct xformsw *, struct ipsecinit *); int tcp_signature_tdb_zeroize(struct tdb *); int tcp_signature_tdb_input(struct mbuf *, struct tdb *, int, int); -int tcp_signature_tdb_output(struct mbuf *, struct tdb *, struct mbuf **, - int, int); +int tcp_signature_tdb_output(struct mbuf *, struct tdb *, int, int); /* Replay window */ int checkreplaywindow(struct tdb *, u_int64_t, u_int32_t, u_int32_t *, int); diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 3792d7f65fb..bb9b7488883 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.87 2021/10/05 11:45:26 bluhm Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.88 2021/10/13 14:36:31 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -73,7 +73,6 @@ int ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) { int hlen, off, error; - struct mbuf *mp; #ifdef INET6 struct ip6_ext ip6e; int nxt; @@ -242,12 +241,10 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) } #endif /* INET6 */ - /* Encapsulate -- the last two arguments are unused. */ - error = ipip_output(m, tdb, &mp, 0, 0); - if ((mp == NULL) && (!error)) + /* Encapsulate -- m may be changed or set to NULL. */ + error = ipip_output(&m, tdb); + if ((m == NULL) && (!error)) error = EFAULT; - m = mp; - mp = NULL; if (error) goto drop; @@ -266,19 +263,15 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) /* Remember that we appended a tunnel header. */ tdb->tdb_flags |= TDBF_USEDTUNNEL; } - - /* We may be done with this TDB */ - if (tdb->tdb_xform->xf_type == XF_IP4) - return ipsp_process_done(m, tdb); - } else { - /* - * If this is just an IP-IP TDB and we're told there's - * already an encapsulation header, move on. - */ - if (tdb->tdb_xform->xf_type == XF_IP4) - return ipsp_process_done(m, tdb); } + /* + * If this is just an IP-IP TDB and we're told there's already an + * encapsulation header or ipip_output() has encapsulted it, move on. + */ + if (tdb->tdb_xform->xf_type == XF_IP4) + return ipsp_process_done(m, tdb); + /* Extract some information off the headers. */ switch (tdb->tdb_dst.sa.sa_family) { case AF_INET: @@ -377,7 +370,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) } /* Invoke the IPsec transform. */ - return (*(tdb->tdb_xform->xf_output))(m, tdb, NULL, hlen, off); + return (*(tdb->tdb_xform->xf_output))(m, tdb, hlen, off); drop: m_freem(m); diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 249c1aada3e..87819a1a74b 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_subr.c,v 1.179 2021/07/14 21:07:36 bluhm Exp $ */ +/* $OpenBSD: tcp_subr.c,v 1.180 2021/10/13 14:36:31 bluhm Exp $ */ /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */ /* @@ -966,8 +966,8 @@ tcp_signature_tdb_input(struct mbuf *m, struct tdb *tdbp, int skip, int protoff) } int -tcp_signature_tdb_output(struct mbuf *m, struct tdb *tdbp, struct mbuf **mp, - int skip, int protoff) +tcp_signature_tdb_output(struct mbuf *m, struct tdb *tdbp, int skip, + int protoff) { return (EINVAL); } -- 2.20.1