The branch stable/13 has been updated by rew:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=90aacac54b8336c5c36f64001d62ab2dd581c0c2

commit 90aacac54b8336c5c36f64001d62ab2dd581c0c2
Author:     Robert Wing <[email protected]>
AuthorDate: 2022-01-09 01:07:10 +0000
Commit:     Robert Wing <[email protected]>
CommitDate: 2022-02-10 19:28:54 +0000

    tcpmd5: return ENOENT when security association not found
    
    Return ENOENT from tcp_ipsec_input() when a security association is not
    found. This allows callers of TCP_MD5_INPUT() to differentiate between a
    security association not found and receiving a bad signature.
    
    Also return ENOENT from tcp_ipsec_output() for consistency.
    
    Reviewed by:    ae
    Sponsored by:   nepustil.net
    Sponsored by:   Klara Inc.
    Differential Revision:  https://reviews.freebsd.org/D33226
    
    (cherry picked from commit 91d388119ae229702538b96d79cf76556cf0ecf4)
---
 sys/netipsec/xform_tcp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c
index 54681f7df5d2..b53544cd00fb 100644
--- a/sys/netipsec/xform_tcp.c
+++ b/sys/netipsec/xform_tcp.c
@@ -251,7 +251,7 @@ setsockaddrs(const struct mbuf *m, union sockaddr_union 
*src,
  * th          pointer to TCP header
  * buf         pointer to storage for computed MD5 digest
  *
- * Return 0 if successful, otherwise return -1.
+ * Return 0 if successful, otherwise return error code.
  */
 static int
 tcp_ipsec_input(struct mbuf *m, struct tcphdr *th, u_char *buf)
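Review bot: The revised header comment for tcp_ipsec_input() says only "otherwise return error code", so it does not name the one value this commit introduces for callers to test. Since the commit message gives the purpose as letting callers of TCP_MD5_INPUT() tell a missing security association from a bad signature, the comment should say so, for example `* Return 0 if successful, ENOENT if no security association is found,` followed by `* otherwise another error code.`. The function body lies outside this hunk, so the other codes it can return are not visible here and should be filled in by someone who can see them.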
@@ -267,7 +267,7 @@ tcp_ipsec_input(struct mbuf *m, struct tcphdr *th, u_char 
*buf)
        sav = key_allocsa_tcpmd5(&saidx);
        if (sav == NULL) {
                KMOD_TCPSTAT_INC(tcps_sig_err_buildsig);
-               return (EACCES);
+               return (ENOENT);
        }
        /*
         * tcp_input() operates with TCP header fields in host
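Review bot: The `sav == NULL` branch of tcp_ipsec_input() now returns ENOENT for a segment whose digest was never checked, and the callers of TCP_MD5_INPUT() that have to interpret that value are not part of this patch. Each call site should keep dropping the segment on any non-zero return unless it handles ENOENT deliberately; otherwise a missing security association could be treated more leniently than a bad signature without that ever having been decided. A comment on the return would record the contract, for example `/* No SA found: digest not verified; caller decides policy. */`. The same applies to the `sav == NULL` branch of tcp_ipsec_output() in the next hunk, and both branches still increment `tcps_sig_err_buildsig`, which by its name may not separate a missing SA from other signing failures in the statistics. Both function bodies extend beyond their hunks.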
@@ -307,7 +307,7 @@ tcp_ipsec_output(struct mbuf *m, struct tcphdr *th, u_char 
*buf)
        sav = key_allocsa_tcpmd5(&saidx);
        if (sav == NULL) {
                KMOD_TCPSTAT_INC(tcps_sig_err_buildsig);
-               return (EACCES);
+               return (ENOENT);
        }
        tcp_signature_compute(m, th, sav, buf);
        key_freesav(&sav);
