search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
syscons - Fix NULL pointer access in 0d7c8a4d1cafae68239
[dragonfly.git] / sys / netinet6 / ipcomp_core.c
bloba6f80ddbe85c3ca85da68fe65d6b793fb89799b2
1 /* $FreeBSD: src/sys/netinet6/ipcomp_core.c,v 1.1.2.5 2003/01/11 19:10:59 ume Exp $ */
2 /* $KAME: ipcomp_core.c,v 1.25 2001/07/26 06:53:17 jinmei Exp $ */
3
4 /*
5 * Copyright (C) 1999 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * RFC2393 IP payload compression protocol (IPComp).
35 */
36
37 #include "opt_inet.h"
38 #include "opt_inet6.h"
39
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/malloc.h>
43 #include <sys/mbuf.h>
44 #include <sys/domain.h>
45 #include <sys/protosw.h>
46 #include <sys/socket.h>
47 #include <sys/errno.h>
48 #include <sys/time.h>
49 #include <sys/syslog.h>
50 #include <sys/queue.h>
51
52 #include <net/if.h>
53 #include <net/route.h>
54 #include <netinet/in.h>
55 #include <net/netisr.h>
56 #include <net/zlib.h>
57 #include <machine/cpu.h>
58
59 #include <netinet6/ipcomp.h>
60 #ifdef INET6
61 #include <netinet6/ipcomp6.h>
62 #endif
63 #include <netinet6/ipsec.h>
64 #ifdef INET6
65 #include <netinet6/ipsec6.h>
66 #endif
67
68 #include <machine/stdarg.h>
69
70 #include <net/net_osdep.h>
71
72 static void *deflate_alloc (void *, u_int, u_int);
73 static void deflate_free (void *, void *);
74 static int deflate_common (struct mbuf *, struct mbuf *, size_t *, int);
75 static int deflate_compress (struct mbuf *, struct mbuf *, size_t *);
76 static int deflate_decompress (struct mbuf *, struct mbuf *, size_t *);
77
78 /*
79 * We need to use default window size (2^15 = 32Kbytes as of writing) for
80 * inbound case. Otherwise we get interop problem.
81 * Use negative value to avoid Adler32 checksum. This is an undocumented
82 * feature in zlib (see ipsec wg mailing list archive in January 2000).
83 */
84 static int deflate_policy = Z_DEFAULT_COMPRESSION;
85 static int deflate_window_out = -12;
86 static const int deflate_window_in = -1 * MAX_WBITS; /* don't change it */
87 static int deflate_memlevel = MAX_MEM_LEVEL;
88
89 static const struct ipcomp_algorithm ipcomp_algorithms[] = {
90 { deflate_compress, deflate_decompress, 90 },
91 };
92
93 const struct ipcomp_algorithm *
94 ipcomp_algorithm_lookup(int idx)
95 {
96
97 if (idx == SADB_X_CALG_DEFLATE)
98 return &ipcomp_algorithms[0];
99 return NULL;
100 }
101
102 static void *
103 deflate_alloc(void *aux, u_int items, u_int siz)
104 {
105 void *ptr;
106 ptr = kmalloc(items * siz, M_TEMP, M_NOWAIT);
107 return ptr;
108 }
109
110 static void
111 deflate_free(void *aux, void *ptr)
112 {
113 kfree(ptr, M_TEMP);
114 }
115
116 static int
117 deflate_common(struct mbuf *m, struct mbuf *md, size_t *lenp,
118 int mode) /* 0: compress 1: decompress */
119 {
120 struct mbuf *mprev;
121 struct mbuf *p;
122 struct mbuf *n = NULL, *n0 = NULL, **np;
123 z_stream zs;
124 int error = 0;
125 int zerror;
126 size_t offset;
127
128 #define MOREBLOCK() \
129 do { \
130 /* keep the reply buffer into our chain */ \
131 if (n) { \
132 n->m_len = zs.total_out - offset; \
133 offset = zs.total_out; \
134 *np = n; \
135 np = &n->m_next; \
136 n = NULL; \
137 } \
138 \
139 /* get a fresh reply buffer */ \
140 n = m_getcl(M_NOWAIT, MT_DATA, 0); \
141 if (!n) { \
142 error = ENOBUFS; \
143 goto fail; \
144 } \
145 n->m_len = 0; \
146 n->m_len = M_TRAILINGSPACE(n); \
147 n->m_next = NULL; \
148 /* \
149 * if this is the first reply buffer, reserve \
150 * region for ipcomp header. \
151 */ \
152 if (*np == NULL) { \
153 n->m_len -= sizeof(struct ipcomp); \
154 n->m_data += sizeof(struct ipcomp); \
155 } \
156 \
157 zs.next_out = mtod(n, u_int8_t *); \
158 zs.avail_out = n->m_len; \
159 } while (0)
160
161 for (mprev = m; mprev && mprev->m_next != md; mprev = mprev->m_next)
162 ;
163 if (!mprev)
164 panic("md is not in m in deflate_common");
165
166 bzero(&zs, sizeof(zs));
167 zs.zalloc = deflate_alloc;
168 zs.zfree = deflate_free;
169
170 zerror = mode ? inflateInit2(&zs, deflate_window_in)
171 : deflateInit2(&zs, deflate_policy, Z_DEFLATED,
172 deflate_window_out, deflate_memlevel,
173 Z_DEFAULT_STRATEGY);
174 if (zerror != Z_OK) {
175 error = ENOBUFS;
176 goto fail;
177 }
178
179 n0 = n = NULL;
180 np = &n0;
181 offset = 0;
182 zerror = 0;
183 p = md;
184 while (p && p->m_len == 0) {
185 p = p->m_next;
186 }
187
188 /* input stream and output stream are available */
189 while (p && zs.avail_in == 0) {
190 /* get input buffer */
191 if (p && zs.avail_in == 0) {
192 zs.next_in = mtod(p, u_int8_t *);
193 zs.avail_in = p->m_len;
194 p = p->m_next;
195 while (p && p->m_len == 0) {
196 p = p->m_next;
197 }
198 }
199
200 /* get output buffer */
201 if (zs.next_out == NULL || zs.avail_out == 0) {
202 MOREBLOCK();
203 }
204
205 zerror = mode ? inflate(&zs, Z_NO_FLUSH)
206 : deflate(&zs, Z_NO_FLUSH);
207
208 if (zerror == Z_STREAM_END)
209 ; /* once more. */
210 else if (zerror == Z_OK) {
211 /* inflate: Z_OK can indicate the end of decode */
212 if (mode && !p && zs.avail_out != 0)
213 goto terminate;
214 else {
215 ; /* once more. */
216 }
217 } else {
218 if (zs.msg) {
219 ipseclog((LOG_ERR, "ipcomp_%scompress: "
220 "%sflate(Z_NO_FLUSH): %s\n",
221 mode ? "de" : "", mode ? "in" : "de",
222 zs.msg));
223 } else {
224 ipseclog((LOG_ERR, "ipcomp_%scompress: "
225 "%sflate(Z_NO_FLUSH): unknown error (%d)\n",
226 mode ? "de" : "", mode ? "in" : "de",
227 zerror));
228 }
229 mode ? inflateEnd(&zs) : deflateEnd(&zs);
230 error = EINVAL;
231 goto fail;
232 }
233 }
234
235 if (zerror == Z_STREAM_END)
236 goto terminate;
237
238 /* termination */
239 while (1) {
240 /* get output buffer */
241 if (zs.next_out == NULL || zs.avail_out == 0) {
242 MOREBLOCK();
243 }
244
245 zerror = mode ? inflate(&zs, Z_SYNC_FLUSH)
246 : deflate(&zs, Z_FINISH);
247
248 if (zerror == Z_STREAM_END)
249 break;
250 else if (zerror == Z_OK) {
251 if (mode && zs.avail_out != 0)
252 goto terminate;
253 else {
254 ; /* once more. */
255 }
256 } else {
257 if (zs.msg) {
258 ipseclog((LOG_ERR, "ipcomp_%scompress: "
259 "%sflate(Z_FINISH): %s\n",
260 mode ? "de" : "", mode ? "in" : "de",
261 zs.msg));
262 } else {
263 ipseclog((LOG_ERR, "ipcomp_%scompress: "
264 "%sflate(Z_FINISH): unknown error (%d)\n",
265 mode ? "de" : "", mode ? "in" : "de",
266 zerror));
267 }
268 mode ? inflateEnd(&zs) : deflateEnd(&zs);
269 error = EINVAL;
270 goto fail;
271 }
272 }
273
274 terminate:
275 zerror = mode ? inflateEnd(&zs) : deflateEnd(&zs);
276 if (zerror != Z_OK) {
277 if (zs.msg) {
278 ipseclog((LOG_ERR, "ipcomp_%scompress: "
279 "%sflateEnd: %s\n",
280 mode ? "de" : "", mode ? "in" : "de",
281 zs.msg));
282 } else {
283 ipseclog((LOG_ERR, "ipcomp_%scompress: "
284 "%sflateEnd: unknown error (%d)\n",
285 mode ? "de" : "", mode ? "in" : "de",
286 zerror));
287 }
288 error = EINVAL;
289 goto fail;
290 }
291 /* keep the final reply buffer into our chain */
292 if (n) {
293 n->m_len = zs.total_out - offset;
294 offset = zs.total_out;
295 *np = n;
296 np = &n->m_next;
297 n = NULL;
298 }
299
300 /* switch the mbuf to the new one */
301 mprev->m_next = n0;
302 m_freem(md);
303 *lenp = zs.total_out;
304
305 return 0;
306
307 fail:
308 if (m)
309 m_freem(m);
310 if (n)
311 m_freem(n);
312 if (n0)
313 m_freem(n0);
314 return error;
315 #undef MOREBLOCK
316 }
317
318 static int
319 deflate_compress(struct mbuf *m, struct mbuf *md, size_t *lenp)
320 {
321 if (!m)
322 panic("m == NULL in deflate_compress");
323 if (!md)
324 panic("md == NULL in deflate_compress");
325 if (!lenp)
326 panic("lenp == NULL in deflate_compress");
327
328 return deflate_common(m, md, lenp, 0);
329 }
330
331 static int
332 deflate_decompress(struct mbuf *m, struct mbuf *md, size_t *lenp)
333 {
334 if (!m)
335 panic("m == NULL in deflate_decompress");
336 if (!md)
337 panic("md == NULL in deflate_decompress");
338 if (!lenp)
339 panic("lenp == NULL in deflate_decompress");
340
341 return deflate_common(m, md, lenp, 1);
342 }
DragonFly BSD