From: Kazunori Miyazawa <kazunori@miyazawa.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: davem@davemloft.net, netdev@oss.sgi.com, usagi-core@linux-ipv6.org
Subject: Re: [PATCH][IPsec] fix process of error from crypto module
Date: Thu, 27 Jan 2005 13:51:52 +0900 [thread overview]
Message-ID: <41F87368.7060909@miyazawa.org> (raw)
In-Reply-To: <E1Cttr8-0005S6-00@gondolin.me.apana.org.au>
Herbert Xu wrote:
> MIYAZAWA Kazunori <kazunori@miyazawa.org> wrote:
>
>>This patch fixes the process under the case that the crypto module
>>returns error because of its weak keys or etc.
>
>
> Good catch.
>
>
>>diff -ur a/net/ipv6/esp6.c b/net/ipv6/esp6.c
>>--- a/net/ipv6/esp6.c 2004-12-25 06:35:01.000000000 +0900
>>+++ b/net/ipv6/esp6.c 2005-01-26 18:57:04.000000000 +0900
>>@@ -364,7 +364,8 @@
>> goto error;
>> get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
>> }
>>- crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
>>+ if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
>>+ goto error;
>> x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
>> if (x->props.mode)
>> x->props.header_len += sizeof(struct ipv6hdr);
>
>
> You need to free esp->conf.ivec here.
>
> Cheers,
Thank you for your check, Herbert.
I send the fixed patch.
BTW, esp6_destroy seem to be similar to esp_destroy.
Should we export esp_destroy and IPv4 and IPv6 use it?
Do we have any reason to define the functions separately?
diff -ruN a/net/ipv4/esp4.c b/net/ipv4/esp4.c
--- a/net/ipv4/esp4.c 2004-12-25 06:34:58.000000000 +0900
+++ b/net/ipv4/esp4.c 2005-01-26 18:57:18.000000000 +0900
@@ -427,7 +427,8 @@
goto error;
get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
}
- crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
+ if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
+ goto error;
x->props.header_len = sizeof(struct ip_esp_hdr) + esp->conf.ivlen;
if (x->props.mode)
x->props.header_len += sizeof(struct iphdr);
diff -ruN a/net/ipv6/esp6.c b/net/ipv6/esp6.c
--- a/net/ipv6/esp6.c 2004-12-25 06:35:01.000000000 +0900
+++ b/net/ipv6/esp6.c 2005-01-27 00:55:34.000000000 +0900
@@ -364,7 +364,8 @@
goto error;
get_random_bytes(esp->conf.ivec, esp->conf.ivlen);
}
- crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len);
+ if (crypto_cipher_setkey(esp->conf.tfm, esp->conf.key, esp->conf.key_len))
+ goto error;
x->props.header_len = sizeof(struct ipv6_esp_hdr) + esp->conf.ivlen;
if (x->props.mode)
x->props.header_len += sizeof(struct ipv6hdr);
@@ -372,15 +373,9 @@
return 0;
error:
- if (esp) {
- if (esp->auth.tfm)
- crypto_free_tfm(esp->auth.tfm);
- if (esp->auth.work_icv)
- kfree(esp->auth.work_icv);
- if (esp->conf.tfm)
- crypto_free_tfm(esp->conf.tfm);
- kfree(esp);
- }
+ x->data = esp;
+ esp6_destroy(x);
+ x->data = NULL;
return -EINVAL;
}
next prev parent reply other threads:[~2005-01-27 4:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-26 10:10 [PATCH][IPsec] fix process of error from crypto module MIYAZAWA Kazunori
2005-01-26 20:33 ` Herbert Xu
2005-01-27 4:51 ` Kazunori Miyazawa [this message]
2005-01-27 5:20 ` Herbert Xu
2005-01-27 6:43 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41F87368.7060909@miyazawa.org \
--to=kazunori@miyazawa.org \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@oss.sgi.com \
--cc=usagi-core@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).