Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon directly call isakmp_ph1d...
details: https://anonhg.NetBSD.org/src/rev/b7f56a32e1fb
branches: trunk
changeset: 763262:b7f56a32e1fb
user: vanhu <vanhu%NetBSD.org@localhost>
date: Tue Mar 15 13:20:14 2011 +0000
description:
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless an can lead to memory access after free
diffstat:
crypto/dist/ipsec-tools/src/racoon/isakmp.c | 24 ++++++++++--------------
crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c | 4 ++--
crypto/dist/ipsec-tools/src/racoon/pfkey.c | 8 ++++----
3 files changed, 16 insertions(+), 20 deletions(-)
diffs (95 lines):
diff -r 2e2dae11f66a -r b7f56a32e1fb crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c Tue Mar 15 12:21:08 2011 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c Tue Mar 15 13:20:14 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.70 2011/03/14 17:18:12 tteras Exp $ */
+/* $NetBSD: isakmp.c,v 1.71 2011/03/15 13:20:14 vanhu Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -2018,7 +2018,7 @@
iph1->status = PHASE1ST_EXPIRED;
}
- sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+ isakmp_ph1delete(iph1);
}
/* called from scheduler */
@@ -2046,20 +2046,16 @@
/* Discard any left phase2s */
for (p = LIST_FIRST(&iph1->ph2tree); p; p = next) {
next = LIST_NEXT(p, ph1bind);
- if (p->status >= PHASE2ST_ESTABLISHED)
- unbindph12(p);
- /* Should we also remove non established ph2
- * handles, as we just invalidated ph1handle ?
+ if (p->status == PHASE2ST_ESTABLISHED)
+ isakmp_info_send_d2(p);
+ /* remove all ph2 handles,
+ * as ph1handle will be expired soon
*/
+ delete_spd(p, 1);
+ remph2(p);
+ delph2(p);
}
- if (LIST_FIRST(&iph1->ph2tree) != NULL) {
- sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
- return;
- }
-
- /* don't re-negosiation when the phase 1 SA expires. */
-
src = racoon_strdup(saddr2str(iph1->local));
dst = racoon_strdup(saddr2str(iph1->remote));
STRDUP_FATAL(src);
@@ -3397,7 +3393,7 @@
"purged ISAKMP-SA spi=%s.\n",
isakmp_pindex(&(iph1->index), iph1->msgid));
- sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+ isakmp_ph1delete(iph1);
}
void
diff -r 2e2dae11f66a -r b7f56a32e1fb crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c Tue Mar 15 12:21:08 2011 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c Tue Mar 15 13:20:14 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_inf.c,v 1.46 2011/03/14 17:18:13 tteras Exp $ */
+/* $NetBSD: isakmp_inf.c,v 1.47 2011/03/15 13:20:14 vanhu Exp $ */
/* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
@@ -1094,7 +1094,7 @@
isakmp_pindex(&spi[i], 0));
iph1->status = PHASE1ST_EXPIRED;
- sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+ isakmp_ph1delete(iph1);
}
}
diff -r 2e2dae11f66a -r b7f56a32e1fb crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c Tue Mar 15 12:21:08 2011 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c Tue Mar 15 13:20:14 2011 +0000
@@ -1,6 +1,6 @@
-/* $NetBSD: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $ */
-
-/* $Id: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $ */
+/* $NetBSD: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
+
+/* $Id: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -2901,7 +2901,7 @@
rmconf = getrmconf(ma->remote, 0);
if (rmconf == NULL || !rmconf->passive) {
iph1->status = PHASE1ST_EXPIRED;
- sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+ isakmp_ph1delete(iph1);
/* This is unlikely, but let's just check if a Phase 1
* for the new addresses already exist */
Home |
Main Index |
Thread Index |
Old Index