[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
kernel/983: ip_auth.c lacks additional param to ip_output()
>Number: 983
>Category: kernel
>Synopsis: ip_auth.c lacks additional param to ip_output()
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Nov 19 18:10:01 MST 1999
>Last-Modified:
>Originator: Jun-ichiro itojun Hagino
>Organization:
net
>Release: OpenBSD guava.itojun.org 2.6 GENERIC.v6#76 i386
>Environment:
System : OpenBSD 2.6
Architecture: OpenBSD.i386
Machine : i386
>Description:
call from ip_auth.c to ip_output() lacks OpenBSD's additional
parameter to ip_output(), for per-socket IPsec policy. I'm not
sure if the code will be visited or not, but good to be cautious.
>How-To-Repeat:
>Fix:
Something like this.
Index: openbsd/sys/netinet/ip_auth.c
===================================================================
RCS file: /cvsroot/kame/kame/openbsd/sys/netinet/ip_auth.c,v
retrieving revision 1.2
diff -c -r1.2 ip_auth.c
*** openbsd/sys/netinet/ip_auth.c 1999/08/31 09:22:10 1.2
--- openbsd/sys/netinet/ip_auth.c 1999/11/20 00:59:36
***************
*** 386,392 ****
--- 386,396 ----
# if SOLARIS
error = fr_qout(fr_auth[i].fra_q, m);
# else /* SOLARIS */
+ #ifdef __OpenBSD__
+ error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
+ #else
error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL);
+ #endif
# endif /* SOLARIS */
if (error)
fr_authstats.fas_sendfail++;
>Audit-Trail:
>Unformatted: