6616749 Stronger IPsec algorithm existence checks needed.

6618673 IPsec per-socket policy for IPv6 no longer works, causes panics in bypass + no-global case.
author: danmcd <none@none> 2007-10-19 15:23:10 -0700
committer: danmcd <none@none> 2007-10-19 15:23:10 -0700
commit: 10b3fbf593a6678eec9b50a01903ef4eb73111e4 (patch)
tree: ab81dccbb54a3ac0cd1554734ba4b46bec646692 /usr/src/uts/common/inet/ip/sadb.c
parent: 57607821588eaddbfd5479d2ed83380b4553f15d (diff)
download: illumos-joyent-10b3fbf593a6678eec9b50a01903ef4eb73111e4.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/usr/src/uts/common/inet/ip/sadb.c b/usr/src/uts/common/inet/ip/sadb.c
index 2af693d1d0..ace5a3df04 100644
--- a/usr/src/uts/common/inet/ip/sadb.c
+++ b/usr/src/uts/common/inet/ip/sadb.c
@@ -4618,6 +4618,10 @@ sadb_new_algdesc(uint8_t *start, uint8_t *limit,
 	mutex_enter(&ipss->ipsec_alg_lock);
 	algp = ipss->ipsec_alglists[(algtype == SADB_X_ALGTYPE_AUTH) ?
 	    IPSEC_ALG_AUTH : IPSEC_ALG_ENCR][alg];
+	if (algp == NULL) {
+		mutex_exit(&ipss->ipsec_alg_lock);
+		return (NULL);	/* Algorithm doesn't exist.  Fail gracefully. */
+	}
 	if (minbits < algp->alg_ef_minbits)
 		minbits = algp->alg_ef_minbits;
 	if (maxbits > algp->alg_ef_maxbits)
author	danmcd <none@none>	2007-10-19 15:23:10 -0700
committer	danmcd <none@none>	2007-10-19 15:23:10 -0700
commit	10b3fbf593a6678eec9b50a01903ef4eb73111e4 (patch)
tree	ab81dccbb54a3ac0cd1554734ba4b46bec646692 /usr/src/uts/common/inet/ip/sadb.c
parent	57607821588eaddbfd5479d2ed83380b4553f15d (diff)
download	illumos-joyent-10b3fbf593a6678eec9b50a01903ef4eb73111e4.tar.gz