Subject: bin/15949: racoon INITIAL_CONTACT info handling broken w/ fix
To: None <gnats-bugs@gnats.netbsd.org>
From: Frank Kardel <kardel@acm.org>
List: netbsd-bugs
Date: 03/17/2002 20:58:21
>Number:         15949
>Category:       bin
>Synopsis:       racoon INITIAL_CONTACT info handling broken w/ fix
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 17 11:59:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Frank Kardel
>Release:        NetBSD 1.5ZB
>Organization:
	
>Environment:
	
	
System: NetBSD pip 1.5ZB NetBSD 1.5ZB (PIP) #0: Sun Mar 10 21:45:27 MET 2002 kardel@pip:/fs/IC35L060-0-a/src/NetBSD/netbsd/sys/arch/i386/compile/PIP i386
Architecture: i386
Machine: i386
>Description:
	racoon fails to delete old SAs upon receipt of INITIAL_CONTACT info.
>How-To-Repeat:
	Node A: start racoon with valid config
	Node B: start racoon with valid config
	let racoons on A and B negotiate SAs
	kill -9 one racoon
	restart it
	watch it negotiate new SAs
	watch the partner machine reply with packets using old SPIs (it still has the old AND the new SAs)
	now you need to wait until the SAs time out for communication to resume
>Fix:
	The check whether the new association matched any old SAs was broken (a boolean algebra mixup, or a cmpsaddrwop()-returns-0-on-match error).

Index: isakmp_inf.c
===================================================================
RCS file: /src/NetBSD/REPOSITORY/netbsd/crypto/dist/kame/racoon/isakmp_inf.c,v
retrieving revision 1.1.1.5
diff -c -r1.1.1.5 isakmp_inf.c
*** isakmp_inf.c	2001/09/02 17:21:08	1.1.1.5
--- isakmp_inf.c	2002/03/17 19:29:55
***************
*** 1058,1066 ****
  		 * source address and the destination accress.
  		 */
  		if ((cmpsaddrwop(iph1->local, src)
! 		  && cmpsaddrwop(iph1->remote, dst))
! 		 || (cmpsaddrwop(iph1->remote, src)
! 		  && cmpsaddrwop(iph1->local, dst))) {
  			msg = next;
  			continue;
  		}
--- 1058,1066 ----
  		 * source address and the destination accress.
  		 */
  		if ((cmpsaddrwop(iph1->local, src)
! 		  || cmpsaddrwop(iph1->remote, dst))
! 		 && (cmpsaddrwop(iph1->remote, src)
! 		  || cmpsaddrwop(iph1->local, dst))) {
  			msg = next;
  			continue;
  		}
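Review bot: the corrected condition `(a || b) && (c || d)` is only right under the convention that cmpsaddrwop() returns 0 on a match, because it is then exactly the negation of "the SA's endpoints equal (iph1->local, iph1->remote) in either direction"; with the previous `&&`/`||` arrangement an SA whose src/dst matched the peer exactly made both inner terms false in one branch but true in the other, so the SA was skipped instead of deleted. Since the fix's correctness hinges on that return convention, suggest saying so in the comment above the `if` (e.g. "cmpsaddrwop() returns 0 on match; skip the SA unless both ends match in one direction"), and while this hunk already touches the block, the "destination accress" typo in the context line could be fixed at the same time.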

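The following is an added example, not racoon's code nor part of the PR, that models the address test from the hunk above on constructed IPv4 endpoints. It assumes, as the fix implies, that cmpsaddrwop() returns 0 when two addresses match (port ignored) and non-zero otherwise; the stand-in `cmp_addr_wop` and the `struct addr` type are simplifications for the example. It evaluates the pre-fix and post-fix "skip this SA" conditions against a reference predicate over four cases (same direction, reversed direction, half match, unrelated) and shows that only the post-fix condition agrees with the reference.

```c
/* Added example (not from racoon or the PR): models the "does this SA
 * belong to the peer that sent INITIAL_CONTACT" test before and after
 * the fix. Assumption taken from the PR: cmpsaddrwop() returns 0 on a
 * match (port ignored) and non-zero on a mismatch, like memcmp(). */
#include <stdint.h>
#include <stdio.h>

struct addr {
    uint32_t ip;   /* IPv4 address, host byte order (constructed sample data) */
    uint16_t port; /* not compared, matching the "wop" = without-port semantics */
};

/* Stand-in for cmpsaddrwop(): 0 on match, 1 on mismatch, port ignored. */
static int cmp_addr_wop(const struct addr *a, const struct addr *b)
{
    return a->ip != b->ip;
}

typedef int (*skip_fn)(const struct addr *, const struct addr *,
                       const struct addr *, const struct addr *);

/* Reference: the SA belongs to this phase-1 peer when its (src, dst)
 * equals (local, remote) in either direction. */
static int sa_belongs_to_peer(const struct addr *local, const struct addr *remote,
                              const struct addr *src, const struct addr *dst)
{
    return (cmp_addr_wop(local, src) == 0 && cmp_addr_wop(remote, dst) == 0)
        || (cmp_addr_wop(remote, src) == 0 && cmp_addr_wop(local, dst) == 0);
}

/* The "skip this SA" condition as it stood in revision 1.1.1.5 (buggy). */
static int skip_before_fix(const struct addr *local, const struct addr *remote,
                           const struct addr *src, const struct addr *dst)
{
    return (cmp_addr_wop(local, src) && cmp_addr_wop(remote, dst))
        || (cmp_addr_wop(remote, src) && cmp_addr_wop(local, dst));
}

/* The "skip this SA" condition after the fix: with a 0-on-match compare
 * this is the De Morgan complement of sa_belongs_to_peer(). */
static int skip_after_fix(const struct addr *local, const struct addr *remote,
                          const struct addr *src, const struct addr *dst)
{
    return (cmp_addr_wop(local, src) || cmp_addr_wop(remote, dst))
        && (cmp_addr_wop(remote, src) || cmp_addr_wop(local, dst));
}

/* Returns 1 if `skip` agrees with the reference on all four constructed
 * cases: same direction, reversed direction, half match, unrelated SA. */
static int condition_is_correct(skip_fn skip)
{
    struct addr a = { 0x0A000001u, 500 };  /* 10.0.0.1    : our local address  */
    struct addr b = { 0x0A000002u, 500 };  /* 10.0.0.2    : peer that restarted */
    struct addr x = { 0xC0A80001u, 4500 }; /* 192.168.0.1 : some other host     */
    struct addr y = { 0xC0A80002u, 4500 }; /* 192.168.0.2 : some other host     */
    const struct addr *sa[4][2] = { {&a, &b}, {&b, &a}, {&a, &y}, {&x, &y} };
    int i;

    for (i = 0; i < 4; i++) {
        int expect_skip = !sa_belongs_to_peer(&a, &b, sa[i][0], sa[i][1]);
        if (skip(&a, &b, sa[i][0], sa[i][1]) != expect_skip)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("before fix: %s\n", condition_is_correct(skip_before_fix) ? "ok" : "WRONG");
    printf("after fix:  %s\n", condition_is_correct(skip_after_fix) ? "ok" : "WRONG");
    return 0;
}
```

Run stand-alone it reports the pre-fix condition as wrong and the post-fix one as ok; the failing cases for the old code are precisely the two in which the SA does belong to the peer, which is why the stale SAs were never deleted and traffic stalled until they expired.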
>Release-Note:
>Audit-Trail:
>Unformatted: