Module Name:    src
Committed By:   vanhu
Date:           Tue Mar 15 13:20:14 UTC 2011

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: isakmp.c isakmp_inf.c pfkey.c

Log Message:
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), 
as it is useless and can lead to memory access after free


To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
cvs rdiff -u -r1.46 -r1.47 \
    src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
cvs rdiff -u -r1.56 -r1.57 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.70 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.71
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.70	Mon Mar 14 17:18:12 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c	Tue Mar 15 13:20:14 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp.c,v 1.70 2011/03/14 17:18:12 tteras Exp $	*/
+/*	$NetBSD: isakmp.c,v 1.71 2011/03/15 13:20:14 vanhu Exp $	*/
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -2018,7 +2018,7 @@
 		iph1->status = PHASE1ST_EXPIRED;
 	}
 
-	sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+	isakmp_ph1delete(iph1);
 }
 
 /* called from scheduler */
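Review bot: `isakmp_ph1delete(iph1);` now runs synchronously, so `iph1` may already be released when this function returns, and nothing at the call site warns the caller. Previously the teardown was deferred by one scheduler tick, so a caller that still read the handle after this returned was safe; whether any caller does so is not visible here, as the enclosing function starts outside the hunk. I would add `/* iph1 may be freed by this call; callers must not touch it afterwards */` above the call, and confirm that isakmp_ph1delete() cancels any timer still pending on `iph1->sce`. The same applies to the identical replacement in the `@@ -3397` hunk and to the one in isakmp_inf.c, which appears to sit inside a per-SPI loop.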
@@ -2046,20 +2046,16 @@
 	/* Discard any left phase2s */
 	for (p = LIST_FIRST(&iph1->ph2tree); p; p = next) {
 		next = LIST_NEXT(p, ph1bind);
-		if (p->status >= PHASE2ST_ESTABLISHED)
-			unbindph12(p);
-		/* Should we also remove non established ph2
-		 * handles, as we just invalidated ph1handle ?
+		if (p->status == PHASE2ST_ESTABLISHED)
+			isakmp_info_send_d2(p);
+		/* remove all ph2 handles,
+		 * as ph1handle will be expired soon
 		 */
+		delete_spd(p, 1);
+		remph2(p);
+		delph2(p);
 	}
 
-	if (LIST_FIRST(&iph1->ph2tree) != NULL) {
-		sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
-		return;
-	}
-
-	/* don't re-negosiation when the phase 1 SA expires. */
-
 	src = racoon_strdup(saddr2str(iph1->local));
 	dst = racoon_strdup(saddr2str(iph1->remote));
 	STRDUP_FATAL(src);
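Review bot: `delete_spd(p, 1)` now runs for every phase-2 handle in the loop, including ones that never reached PHASE2ST_ESTABLISHED, so it should be confirmed that it does nothing for a handle that never installed a policy. The notification test also narrowed from `>=` to `==`, so handles in states past ESTABLISHED are freed without `isakmp_info_send_d2()`. If that is intended, the comment should say so, for example `/* only ESTABLISHED ph2s are announced to the peer; every handle is freed regardless of state */`. The old code called `unbindph12(p)` explicitly, while the new code relies on `remph2()`/`delph2()` to unlink `p` from `iph1->ph2tree`. That is not visible here and is worth checking, since a stale entry left on the list would be a dangling pointer; the enclosing function starts and ends outside the hunk.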
@@ -3397,7 +3393,7 @@
 		 "purged ISAKMP-SA spi=%s.\n",
 		 isakmp_pindex(&(iph1->index), iph1->msgid));
 
-	sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+	isakmp_ph1delete(iph1);
 }
 
 void

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.46 src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.47
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.46	Mon Mar 14 17:18:13 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c	Tue Mar 15 13:20:14 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_inf.c,v 1.46 2011/03/14 17:18:13 tteras Exp $	*/
+/*	$NetBSD: isakmp_inf.c,v 1.47 2011/03/15 13:20:14 vanhu Exp $	*/
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -1094,7 +1094,7 @@
 			isakmp_pindex(&spi[i], 0));
 
 		iph1->status = PHASE1ST_EXPIRED;
-		sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+		isakmp_ph1delete(iph1);
 	}
 }
 

Index: src/crypto/dist/ipsec-tools/src/racoon/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.56 src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.57
--- src/crypto/dist/ipsec-tools/src/racoon/pfkey.c:1.56	Mon Mar 14 17:18:13 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/pfkey.c	Tue Mar 15 13:20:14 2011
@@ -1,6 +1,6 @@
-/*	$NetBSD: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $	*/
+/*	$NetBSD: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $	*/
 
-/* $Id: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $ */
+/* $Id: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -2901,7 +2901,7 @@
 		rmconf = getrmconf(ma->remote, 0);
 		if (rmconf == NULL || !rmconf->passive) {
 			iph1->status = PHASE1ST_EXPIRED;
-			sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+			isakmp_ph1delete(iph1);
 
 			/* This is unlikely, but let's just check if a Phase 1
 			 * for the new addresses already exist */
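Review bot: The block keeps executing after `isakmp_ph1delete(iph1);`, since the comment about checking for an existing Phase 1 follows directly. Any later read of `iph1` in this block, which continues past the hunk, would therefore use a handle that may already be freed. Before this change the delete was deferred, so the handle stayed valid for the rest of the block. I would either move the call to the last statement of the block, or copy whatever is still needed from `iph1` first and add `/* iph1 is invalid from here on */` after the call. If this code is reached while iterating the phase-1 list (not visible here), the iteration must also tolerate removal of the current element.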
