Module Name:    src
Committed By:   ozaki-r
Date:           Wed Apr 19 07:19:46 UTC 2017

Modified Files:
        src/sys/netipsec: ipsec.c key.c

Log Message:
Use KASSERT for sanity checks of function arguments


To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.111 -r1.112 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.79 src/sys/netipsec/ipsec.c:1.80
--- src/sys/netipsec/ipsec.c:1.79	Wed Apr 19 07:14:45 2017
+++ src/sys/netipsec/ipsec.c	Wed Apr 19 07:19:46 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.79 2017/04/19 07:14:45 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.79 2017/04/19 07:14:45 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.80 2017/04/19 07:19:46 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -1172,9 +1172,7 @@ ipsec6_get_ulp(struct mbuf *m, struct se
 	struct udphdr uh;
 	struct icmp6_hdr icmph;
 
-	/* sanity check */
-	if (m == NULL)
-		panic("%s: NULL pointer was passed", __func__);
+	KASSERT(m != NULL);
 
 	if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
 		printf("%s:\n", __func__);
@@ -1282,9 +1280,8 @@ ipsec_init_policy(struct socket *so, str
 {
 	struct inpcbpolicy *new;
 
-	/* sanity check. */
-	if (so == NULL || policy == NULL)
-		panic("%s: NULL pointer was passed", __func__);
+	KASSERT(so != NULL);
+	KASSERT(policy != NULL);
 
 	new = malloc(sizeof(*new), M_SECA, M_NOWAIT|M_ZERO);
 	if (new == NULL) {
@@ -1878,9 +1875,7 @@ ipsec6_in_reject(struct mbuf *m, struct 
 	int error;
 	int result;
 
-	/* sanity check */
-	if (m == NULL)
-		return 0;	/* XXX should be panic ? */
+	KASSERT(m != NULL);
 
 	/* get SP for this packet.
 	 * When we are called from ip_forward(), we call
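Review bot: The removed guard returned 0 for a NULL `m`, so this hunk turns a silent accept into an assertion, and in a kernel built without DIAGNOSTIC the KASSERT expands to nothing and a NULL `m` reaches the SP lookup below. That is presumably the intent (the old comment asked for a panic), but it now relies on every caller of ipsec6_in_reject guaranteeing a non-NULL mbuf, which I would record in the function's header comment, e.g. `/* m must be non-NULL; checked only under DIAGNOSTIC */`. The same compiled-out caveat applies to every hunk in this commit; it matters most where the check guards a length rather than a pointer (key_msg2sp, key_senderror, key_align). ipsec6_in_reject's body continues outside the hunk.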

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.111 src/sys/netipsec/key.c:1.112
--- src/sys/netipsec/key.c:1.111	Wed Apr 19 03:42:11 2017
+++ src/sys/netipsec/key.c	Wed Apr 19 07:19:46 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.111 2017/04/19 03:42:11 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.112 2017/04/19 07:19:46 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.111 2017/04/19 03:42:11 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.112 2017/04/19 07:19:46 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -956,9 +956,8 @@ key_do_allocsa_policy(struct secashead *
 		/* Which SA is the better ? */
 
 		/* sanity check 2 */
-		if (candidate->lft_c == NULL || sav->lft_c == NULL)
-			panic("key_do_allocsa_policy: "
-			    "lifetime_current is NULL");
+		KASSERT(candidate->lft_c != NULL);
+		KASSERT(sav->lft_c != NULL);
 
 		/* What the best method is to compare ? */
 		if (key_prefered_oldsa) {
@@ -1442,11 +1441,9 @@ key_msg2sp(const struct sadb_x_policy *x
 {
 	struct secpolicy *newsp;
 
-	/* sanity check */
-	if (xpl0 == NULL)
-		panic("key_msg2sp: NULL pointer was passed");
-	if (len < sizeof(*xpl0))
-		panic("key_msg2sp: invalid length");
+	KASSERT(xpl0 != NULL);
+	KASSERT(len >= sizeof(*xpl0));
+
 	if (len != PFKEY_EXTLEN(xpl0)) {
 		ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
 		*error = EINVAL;
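Review bot: The `len >= sizeof(*xpl0)` assertion replaces a check on a length that ultimately comes from a PF_KEY message extension, and once it is compiled out the very next line reads `PFKEY_EXTLEN(xpl0)`, i.e. the policy header, for whatever `len` the caller passed. That is safe only because the callers validate `extlen[SADB_X_EXT_POLICY] >= sizeof(struct sadb_x_policy)` before calling (key_spddelete2 and key_spdget do so in this diff; key_spdadd's check is outside the hunk), so the assertion documents a caller contract rather than enforcing one. I would say so above the KASSERTs: `/* len is already validated against sizeof(*xpl0) by every caller; asserted only under DIAGNOSTIC. */`. Note also that `len >= sizeof(*xpl0)` compares against a size_t, so if `len` is a signed type a negative value would convert and pass the assertion — the signature is outside the hunk, so confirm. key_msg2sp's body continues outside the hunk.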
@@ -1674,9 +1671,7 @@ key_sp2msg(const struct secpolicy *sp)
 	char *p;
 	struct mbuf *m;
 
-	/* sanity check. */
-	if (sp == NULL)
-		panic("key_sp2msg: NULL pointer was passed");
+	KASSERT(sp != NULL);
 
 	tlen = key_getspreqmsglen(sp);
 
@@ -1740,8 +1735,8 @@ key_gather_mbuf(struct mbuf *m, const st
 	struct mbuf *result = NULL, *n;
 	int len;
 
-	if (m == NULL || mhp == NULL)
-		panic("null pointer passed to key_gather");
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
 
 	va_start(ap, nitem);
 	for (i = 0; i < nitem; i++) {
@@ -1831,9 +1826,10 @@ key_spdadd(struct socket *so, struct mbu
 	struct secpolicy *newsp;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_spdadd: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 	    mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
@@ -2080,9 +2076,10 @@ key_spddelete(struct socket *so, struct 
 	struct secpolicyindex spidx;
 	struct secpolicy *sp;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_spddelete: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 	    mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
@@ -2178,9 +2175,10 @@ key_spddelete2(struct socket *so, struct
 	u_int32_t id;
 	struct secpolicy *sp;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_spddelete2: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 	    mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
@@ -2277,9 +2275,10 @@ key_spdget(struct socket *so, struct mbu
 	struct secpolicy *sp;
 	struct mbuf *n;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_spdget: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 	    mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
@@ -2327,13 +2326,10 @@ key_spdacquire(const struct secpolicy *s
 	struct secspacq *newspacq;
 	int error;
 
-	/* sanity check */
-	if (sp == NULL)
-		panic("key_spdacquire: NULL pointer is passed");
-	if (sp->req != NULL)
-		panic("key_spdacquire: called but there is request");
-	if (sp->policy != IPSEC_POLICY_IPSEC)
-		panic("key_spdacquire: policy mismathed. IPsec is expected");
+	KASSERT(sp != NULL);
+	KASSERTMSG(sp->req == NULL, "called but there is request");
+	KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC,
+	    "policy mismathed. IPsec is expected");
 
 	/* Get an entry to check whether sent message or not. */
 	if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
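Review bot: The new KASSERTMSG carries the old typo "mismathed" into a message that will now appear in a DIAGNOSTIC panic string; since the line is being rewritten anyway, `KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC, "policy mismatched. IPsec is expected");` fixes it at no cost. Otherwise the ordering is right: `sp != NULL` is asserted before `sp->req` and `sp->policy` are read. key_spdacquire's body continues outside the hunk.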
@@ -2397,9 +2393,10 @@ key_spdflush(struct socket *so, struct m
 	struct secpolicy *sp;
 	u_int dir;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_spdflush: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 		return key_senderror(so, m, EINVAL);
@@ -2519,10 +2516,10 @@ key_spddump(struct socket *so, struct mb
 	int ok, s;
 	pid_t pid;
 
-	/* sanity check */
-	if (so == NULL || m0 == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_spddump: NULL pointer is passed");
-
+	KASSERT(so != NULL);
+	KASSERT(m0 != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	pid = mhp->msg->sadb_msg_pid;
 	/*
@@ -2589,9 +2586,10 @@ key_nat_map(struct socket *so, struct mb
 	struct sadb_address *iaddr, *raddr;
 	struct sadb_x_nat_t_frag *frag;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_nat_map: NULL pointer is passed.");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
 		mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
@@ -2743,9 +2741,7 @@ key_spdexpire(struct secpolicy *sp)
 	/* XXX: Why do we lock ? */
 	s = splsoftnet();	/*called from softclock()*/
 
-	/* sanity check */
-	if (sp == NULL)
-		panic("key_spdexpire: NULL pointer is passed");
+	KASSERT(sp != NULL);
 
 	/* set msg header */
 	m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
@@ -2877,9 +2873,7 @@ key_delsah(struct secashead *sah)
 	int s;
 	int zombie = 0;
 
-	/* sanity check */
-	if (sah == NULL)
-		panic("key_delsah: NULL pointer is passed");
+	KASSERT(sah != NULL);
 
 	s = splsoftnet();	/*called from softclock()*/
 
@@ -2944,9 +2938,10 @@ key_newsav(struct mbuf *m, const struct 
 	struct secasvar *newsav;
 	const struct sadb_sa *xsa;
 
-	/* sanity check */
-	if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
-		panic("key_newsa: NULL pointer is passed");
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
+	KASSERT(sah != NULL);
 
 	KMALLOC(newsav, struct secasvar *, sizeof(struct secasvar));
 	if (newsav == NULL) {
@@ -3176,9 +3171,9 @@ key_setsaval(struct secasvar *sav, struc
 {
 	int error = 0;
 
-	/* sanity check */
-	if (m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_setsaval: NULL pointer is passed");
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* initialization */
 	sav->replay = NULL;
@@ -4101,9 +4096,7 @@ key_ismyaddr(const struct sockaddr *sa)
 	int s;
 #endif
 
-	/* sanity check */
-	if (sa == NULL)
-		panic("key_ismyaddr: NULL pointer is passed");
+	KASSERT(sa != NULL);
 
 	switch (sa->sa_family) {
 #ifdef INET
@@ -4917,9 +4910,10 @@ key_getspi(struct socket *so, struct mbu
 	u_int16_t reqid;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_getspi: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 	    mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
@@ -5283,9 +5277,10 @@ key_update(struct socket *so, struct mbu
 	u_int16_t reqid;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_update: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* map satype to proto */
 	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5480,9 +5475,10 @@ key_add(struct socket *so, struct mbuf *
 	u_int16_t reqid;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_add: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* map satype to proto */
 	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5594,9 +5590,10 @@ key_setident(struct secashead *sah, stru
 	const struct sadb_ident *idsrc, *iddst;
 	int idsrclen, iddstlen;
 
-	/* sanity check */
-	if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_setident: NULL pointer is passed");
+	KASSERT(sah != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* don't make buffer if not there */
 	if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
@@ -5662,9 +5659,9 @@ key_getmsgbuf_x1(struct mbuf *m, const s
 {
 	struct mbuf *n;
 
-	/* sanity check */
-	if (m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_getmsgbuf_x1: NULL pointer is passed");
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* create new sadb_msg to reply. */
 	n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED,
@@ -5716,9 +5713,10 @@ key_delete(struct socket *so, struct mbu
 	u_int16_t proto;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_delete: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* map satype to proto */
 	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -5908,9 +5906,10 @@ key_get(struct socket *so, struct mbuf *
 	u_int16_t proto;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_get: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* map satype to proto */
 	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -6546,9 +6545,10 @@ key_acquire2(struct socket *so, struct m
 	u_int16_t proto;
 	int error;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_acquire2: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/*
 	 * Error message from KMd.
@@ -6660,9 +6660,10 @@ key_register(struct socket *so, struct m
 {
 	struct secreg *reg, *newreg = 0;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_register: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* check for invalid register message */
 	if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
@@ -6809,9 +6810,7 @@ key_freereg(struct socket *so)
 	struct secreg *reg;
 	int i;
 
-	/* sanity check */
-	if (so == NULL)
-		panic("key_freereg: NULL pointer is passed");
+	KASSERT(so != NULL);
 
 	/*
 	 * check whether existing or not.
@@ -6855,13 +6854,11 @@ key_expire(struct secasvar *sav)
 	/* XXX: Why do we lock ? */
 	s = splsoftnet();	/*called from softclock()*/
 
-	/* sanity check */
-	if (sav == NULL)
-		panic("key_expire: NULL pointer is passed");
-	if (sav->sah == NULL)
-		panic("key_expire: Why was SA index in SA NULL");
-	if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
-		panic("key_expire: invalid proto is passed");
+	KASSERT(sav != NULL);
+	KASSERT(sav->sah != NULL);
+
+	satype = key_proto2satype(sav->sah->saidx.proto);
+	KASSERTMSG(satype != 0, "invalid proto is passed");
 
 	/* set msg header */
 	m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
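Review bot: Hoisting the `key_proto2satype()` call out of the assertion is the right shape — a call inside a KASSERT would disappear without DIAGNOSTIC and leave `satype` unset — but it also means that in a non-DIAGNOSTIC kernel a zero `satype` now flows into `key_setsadbmsg()` on the next line instead of panicking. Since the proto is read from the SA's own `saidx` rather than from a message, that looks like a genuine invariant; a one-line comment would make the reasoning explicit: `/* proto is kernel-owned SA state, so 0 here is a bug, not bad input */`. key_expire's body continues outside the hunk.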
@@ -6985,9 +6982,9 @@ key_flush(struct socket *so, struct mbuf
 	u_int8_t state;
 	u_int stateidx;
 
-	/* sanity check */
-	if (so == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_flush: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* map satype to proto */
 	if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
@@ -7157,9 +7154,10 @@ key_dump(struct socket *so, struct mbuf 
 	int s;
 	int error, len, ok;
 
-	/* sanity check */
-	if (so == NULL || m0 == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_dump: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m0 != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	/* map satype to proto */
 	satype = mhp->msg->sadb_msg_satype;
@@ -7228,9 +7226,10 @@ key_promisc(struct socket *so, struct mb
 {
 	int olen;
 
-	/* sanity check */
-	if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
-		panic("key_promisc: NULL pointer is passed");
+	KASSERT(so != NULL);
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(mhp->msg != NULL);
 
 	olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 
@@ -7318,9 +7317,8 @@ key_parse(struct mbuf *m, struct socket 
 	int error;
 	int target;
 
-	/* sanity check */
-	if (m == NULL || so == NULL)
-		panic("key_parse: NULL pointer is passed");
+	KASSERT(m != NULL);
+	KASSERT(so != NULL);
 
 #if 0	/*kdebug_sadb assumes msg in linear buffer*/
 	if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
@@ -7567,8 +7565,7 @@ key_senderror(struct socket *so, struct 
 {
 	struct sadb_msg *msg;
 
-	if (m->m_len < sizeof(struct sadb_msg))
-		panic("invalid mbuf passed to key_senderror");
+	KASSERT(m->m_len >= sizeof(struct sadb_msg));
 
 	msg = mtod(m, struct sadb_msg *);
 	msg->sadb_msg_errno = code;
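Review bot: The `m->m_len >= sizeof(struct sadb_msg)` check now exists only in DIAGNOSTIC kernels, and the two lines that follow write `sadb_msg_errno` through `mtod(m, ...)`, so a short mbuf reaching here in a production kernel would be written past `m_len`. `m` is the PF_KEY request mbuf handed over by key_parse; as far as I can tell key_parse pulls the mbuf up to `sizeof(struct sadb_msg)` before dispatching (outside this diff), which makes the assertion an invariant rather than input validation — worth confirming, and worth stating: `/* key_parse has already pulled m up to a full sadb_msg */`. The same applies to the `m->m_len` assertion added to key_align later in this diff. key_senderror's body continues outside the hunk.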
@@ -7589,11 +7586,9 @@ key_align(struct mbuf *m, struct sadb_ms
 	int extlen;
 	int toff;
 
-	/* sanity check */
-	if (m == NULL || mhp == NULL)
-		panic("key_align: NULL pointer is passed");
-	if (m->m_len < sizeof(struct sadb_msg))
-		panic("invalid mbuf passed to key_align");
+	KASSERT(m != NULL);
+	KASSERT(mhp != NULL);
+	KASSERT(m->m_len >= sizeof(struct sadb_msg));
 
 	/* initialize */
 	memset(mhp, 0, sizeof(*mhp));
@@ -7819,9 +7814,8 @@ key_checktunnelsanity(
     void *dst
 )
 {
-	/* sanity check */
-	if (sav->sah == NULL)
-		panic("sav->sah == NULL at key_checktunnelsanity");
+
+	KASSERT(sav->sah != NULL);
 
 	/* XXX: check inner IP header */
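Review bot: The rewrite leaves a blank line as the first line of key_checktunnelsanity's body, directly after `{`, where the removed `/* sanity check */` comment used to be; the same stray blank line is introduced in key_sa_chgstate at the end of this diff. Everywhere else in the commit the KASSERT follows the declarations or the brace without an empty line, so dropping it here keeps the two files consistent. key_checktunnelsanity's body continues outside the hunk.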
 
@@ -7956,8 +7950,8 @@ key_sa_routechange(struct sockaddr *dst)
 static void
 key_sa_chgstate(struct secasvar *sav, u_int8_t state)
 {
-	if (sav == NULL)
-		panic("key_sa_chgstate called with sav == NULL");
+
+	KASSERT(sav != NULL);
 
 	if (sav->state == state)
 		return;
