git: 626bd0970abf - main - ipsec: fix edge case detection in key_do_getnewspi

Wed, 03 Nov 2021 12:52:03 -0700 

The branch main has been updated by mjg:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=626bd0970abfdfba596bced3bc8a47adaf11a46d

commit 626bd0970abfdfba596bced3bc8a47adaf11a46d
Author:     Mateusz Guzik <[email protected]>
AuthorDate: 2021-11-03 14:00:53 +0000
Commit:     Mateusz Guzik <[email protected]>
CommitDate: 2021-11-03 19:51:40 +0000

    ipsec: fix edge case detection in key_do_getnewspi
    
    The 'count' variable would end up being -1 post loop, while the
    following condition would check for 0 instead.
    
    PR:             258849
    Reported by:    [email protected]
    Reviewed by:    ae
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D32826
---
 sys/netipsec/key.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 72c598586d8e..48de29305b3c 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -5019,7 +5019,7 @@ static uint32_t
 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx)
 {
        uint32_t min, max, newspi, t;
-       int count = V_key_spi_trycnt;
+       int tries, limit;
 
        /* set spi range to allocate */
        if (spirange != NULL) {
@@ -5047,21 +5047,22 @@ key_do_getnewspi(struct sadb_spirange *spirange, struct 
secasindex *saidx)
                        return 0;
                }
 
-               count--; /* taking one cost. */
+               tries = 1;
                newspi = min;
        } else {
                /* init SPI */
                newspi = 0;
 
+               limit = atomic_load_int(&V_key_spi_trycnt);
                /* when requesting to allocate spi ranged */
-               while (count--) {
+               for (tries = 0; tries < limit; tries++) {
                        /* generate pseudo-random SPI value ranged. */
                        newspi = min + (key_random() % (max - min + 1));
                        if (!key_checkspidup(htonl(newspi)))
                                break;
                }
 
-               if (count == 0 || newspi == 0) {
+               if (tries == limit || newspi == 0) {
                        ipseclog((LOG_DEBUG,
                            "%s: failed to allocate SPI.\n", __func__));
                        return 0;
@@ -5070,7 +5071,7 @@ key_do_getnewspi(struct sadb_spirange *spirange, struct 
secasindex *saidx)
 
        /* statistics */
        keystat.getspi_count =
-           (keystat.getspi_count + V_key_spi_trycnt - count) / 2;
+           (keystat.getspi_count + tries) / 2;
 
        return (htonl(newspi));
 }

Reply via email to