Like with route messages we should really only forward pfkey messages that made it past the validation step. This fixes a lot of possible crashes in ipsecctl -m.
ok?
diff /home/user/got/co/src
commit - 1ce2bc211dba4164679169b9248650fd1d6ba9d2
path + /home/user/got/co/src
blob - e750ae8bdbe6819473884a8c37a518171c63ad60
file + sys/net/pfkeyv2.c
--- sys/net/pfkeyv2.c
+++ sys/net/pfkeyv2.c
@@ -1162,6 +1162,10 @@ pfkeyv2_dosend(struct socket *so, void *message, int l
 rdomain = kp->kcb_rdomain;
+ /* Validate message format */
+ if ((rval = pfkeyv2_parsemessage(message, len, headers)) != 0)
+ goto ret;
+
 /* If we have any promiscuous listeners, send them a copy of the message */
 if (promisc) {
 struct mbuf *packet;
@@ -1208,10 +1212,6 @@ pfkeyv2_dosend(struct socket *so, void *message, int l
 freeme_sz = 0;
 }
- /* Validate message format */
- if ((rval = pfkeyv2_parsemessage(message, len, headers)) != 0)
- goto ret;
-
 /* use specified rdomain */
 srdomain = (struct sadb_x_rdomain *) headers[SADB_X_EXT_RDOMAIN];
 if (srdomain) {
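Review bot: In the first hunk, the comment on the relocated check, `/* Validate message format */`, does not record why it has to sit above the promiscuous block, so a later reshuffle could silently reintroduce forwarding of unparsed messages to listeners. I would spell the ordering out, e.g. `/* Validate message format before anything, including promiscuous listeners, gets a copy */`. A side effect worth confirming is that messages failing pfkeyv2_parsemessage() are now rejected before any monitor sees them, so malformed input from a local sender is no longer observable unless the error return is logged or counted elsewhere. The `ret` label and the rest of pfkeyv2_dosend lie outside the hunk, so the cleanup taken on this earlier exit could not be checked here.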