rx: Assert call error for RXS_PreparePacket error

If we've received an error from the underlying security class, we must
not try to send the given packet, or we risk security issues. We
currently achieve this by setting an error on the connection. It is
slightly indirect in how this yields an error on this specific call,
and so it may not be immediately clear, but doing so is critical. If
somehow the call does not have an error by the end of this, we cannot
proceed as this is an error condition we do not handle. So, assert.

Reviewed-on: http://gerrit.openafs.org/9122
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 85f2a66ceafd7a13f51d0352c62b5d69f4620edb)

Change-Id: Iae523e6f18dd73749a6be5c3d10e132e5c14a70c
Reviewed-on: http://gerrit.openafs.org/9280
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/rx/rx_packet.c b/src/rx/rx_packet.c
index 218cdd4bb9946a7b6adf7bded3c586642aef66c3..7ac3a571013ebd648788ba769f89cdcd285a8d8d 100644 (file)
--- a/src/rx/rx_packet.c
+++ b/src/rx/rx_packet.c
@@ -2807,6 +2807,11 @@ rxi_PrepareSendPacket(struct rx_call *call,
        p = rxi_SendConnectionAbort(conn, p, 0, 0);
        MUTEX_EXIT(&conn->conn_data_lock);
        MUTEX_ENTER(&call->lock);
+       /* setting a connection error means all calls for that conn are also
+        * error'd. if this call does not have an error by now, something is
+        * very wrong, and we risk sending data in the clear that is supposed
+        * to be encrypted. */
+       osi_Assert(call->error);
     }
 }