ipsec esp: avoid dereferencing freed secasindex

(cherry picked from commit 1a56620b79)
This commit is contained in:
Konstantin Belousov 2024-02-25 12:30:48 +02:00
parent ee1e748d21
commit bf58a77ae1

View File

@ -500,6 +500,13 @@ esp_input_cb(struct cryptop *crp)
xd = crp->crp_opaque;
CURVNET_SET(xd->vnet);
sav = xd->sav;
if (sav->state >= SADB_SASTATE_DEAD) {
/* saidx is freed */
DPRINTF(("%s: dead SA %p spi %#x\n", __func__, sav, sav->spi));
ESPSTAT_INC(esps_notdb);
error = ESRCH;
goto bad;
}
skip = xd->skip;
protoff = xd->protoff;
cryptoid = xd->cryptoid;