From 85f2a66ceafd7a13f51d0352c62b5d69f4620edb Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Sun, 17 Feb 2013 19:34:06 -0600 Subject: [PATCH] rx: Assert call error for RXS_PreparePacket error If we've received an error from the underlying security class, we must not try to send the given packet, or we risk security issues. We currently achieve this by setting an error on the connection. It is slightly indirect in how this yields an error on this specific call, and so it may not be immediately clear, but doing so is critical. If somehow the call does not have an error by the end of this, we cannot proceed as this is an error condition we do not handle. So, assert. Change-Id: Ie0106ab170ecb77bb102c5afa3ec44ba2b704283 Reviewed-on: http://gerrit.openafs.org/9122 Tested-by: BuildBot Reviewed-by: Simon Wilkinson Reviewed-by: Derrick Brashear --- src/rx/rx_packet.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/rx/rx_packet.c b/src/rx/rx_packet.c index ac10c2779..442f59810 100644 --- a/src/rx/rx_packet.c +++ b/src/rx/rx_packet.c @@ -2785,6 +2785,11 @@ rxi_PrepareSendPacket(struct rx_call *call, p = rxi_SendConnectionAbort(conn, p, 0, 0); MUTEX_EXIT(&conn->conn_data_lock); MUTEX_ENTER(&call->lock); + /* setting a connection error means all calls for that conn are also + * error'd. if this call does not have an error by now, something is + * very wrong, and we risk sending data in the clear that is supposed + * to be encrypted. */ + osi_Assert(call->error); } } -- 2.39.5
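Review bot: The new osi_Assert(call->error) after MUTEX_ENTER(&call->lock) is the only guard between a failed RXS_PreparePacket and the packet being sent, so it should not depend on assertions being active. If osi_Assert can be compiled out or made non-fatal in any build, add an explicit fail-closed path at the same spot as well, for example setting an error on the call and making sure the packet is not handed on for sending. The comment would also be easier to verify if it named where the connection error is set and how it reaches call->error: the visible context shows only rxi_SendConnectionAbort(conn, p, 0, 0), and the commit message itself describes the link as "slightly indirect".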