mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-23 13:11:07 +01:00
Fix a bug introduced in r221129 that leads to a panic wen using bundled
SAs. For now allow same address family bundles. While discovered with ESP and AH, which does not make a lot of sense, IPcomp could be a possible problematic candidate. PR: kern/164400 MFC after: 3 days
This commit is contained in:
Bjoern A. Zeeb
parent
0989f56cff
commit
174b0d419b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=238700
@ -165,8 +165,7 @@ ipsec_process_done(struct mbuf *m, struct ipsecrequest *isr)
|
||||
*/
|
||||
if (isr->next) {
|
||||
V_ipsec4stat.ips_out_bundlesa++;
|
||||
sav = isr->next->sav;
|
||||
saidx = &sav->sah->saidx;
|
||||
/* XXX-BZ currently only support same AF bundles. */
|
||||
switch (saidx->dst.sa.sa_family) {
|
||||
#ifdef INET
|
||||
case AF_INET:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user