Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/dist/ipsec-tools/src/racoon directly call isakmp_ph1d...



details:   https://anonhg.NetBSD.org/src/rev/b7f56a32e1fb
branches:  trunk
changeset: 763262:b7f56a32e1fb
user:      vanhu <vanhu%NetBSD.org@localhost>
date:      Tue Mar 15 13:20:14 2011 +0000

description:
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless an can lead to memory access after free

diffstat:

 crypto/dist/ipsec-tools/src/racoon/isakmp.c     |  24 ++++++++++--------------
 crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c |   4 ++--
 crypto/dist/ipsec-tools/src/racoon/pfkey.c      |   8 ++++----
 3 files changed, 16 insertions(+), 20 deletions(-)

diffs (95 lines):

diff -r 2e2dae11f66a -r b7f56a32e1fb crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Tue Mar 15 12:21:08 2011 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Tue Mar 15 13:20:14 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp.c,v 1.70 2011/03/14 17:18:12 tteras Exp $       */
+/*     $NetBSD: isakmp.c,v 1.71 2011/03/15 13:20:14 vanhu Exp $        */
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -2018,7 +2018,7 @@
                iph1->status = PHASE1ST_EXPIRED;
        }
 
-       sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+       isakmp_ph1delete(iph1);
 }
 
 /* called from scheduler */
@@ -2046,20 +2046,16 @@
        /* Discard any left phase2s */
        for (p = LIST_FIRST(&iph1->ph2tree); p; p = next) {
                next = LIST_NEXT(p, ph1bind);
-               if (p->status >= PHASE2ST_ESTABLISHED)
-                       unbindph12(p);
-               /* Should we also remove non established ph2
-                * handles, as we just invalidated ph1handle ?
+               if (p->status == PHASE2ST_ESTABLISHED)
+                       isakmp_info_send_d2(p);
+               /* remove all ph2 handles,
+                * as ph1handle will be expired soon
                 */
+               delete_spd(p, 1);
+               remph2(p);
+               delph2(p);
        }
 
-       if (LIST_FIRST(&iph1->ph2tree) != NULL) {
-               sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
-               return;
-       }
-
-       /* don't re-negosiation when the phase 1 SA expires. */
-
        src = racoon_strdup(saddr2str(iph1->local));
        dst = racoon_strdup(saddr2str(iph1->remote));
        STRDUP_FATAL(src);
@@ -3397,7 +3393,7 @@
                 "purged ISAKMP-SA spi=%s.\n",
                 isakmp_pindex(&(iph1->index), iph1->msgid));
 
-       sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+       isakmp_ph1delete(iph1);
 }
 
 void
diff -r 2e2dae11f66a -r b7f56a32e1fb crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c   Tue Mar 15 12:21:08 2011 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c   Tue Mar 15 13:20:14 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp_inf.c,v 1.46 2011/03/14 17:18:13 tteras Exp $   */
+/*     $NetBSD: isakmp_inf.c,v 1.47 2011/03/15 13:20:14 vanhu Exp $    */
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -1094,7 +1094,7 @@
                        isakmp_pindex(&spi[i], 0));
 
                iph1->status = PHASE1ST_EXPIRED;
-               sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+               isakmp_ph1delete(iph1);
        }
 }
 
diff -r 2e2dae11f66a -r b7f56a32e1fb crypto/dist/ipsec-tools/src/racoon/pfkey.c
--- a/crypto/dist/ipsec-tools/src/racoon/pfkey.c        Tue Mar 15 12:21:08 2011 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/pfkey.c        Tue Mar 15 13:20:14 2011 +0000
@@ -1,6 +1,6 @@
-/*     $NetBSD: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $        */
-
-/* $Id: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $ */
+/*     $NetBSD: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
+
+/* $Id: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -2901,7 +2901,7 @@
                rmconf = getrmconf(ma->remote, 0);
                if (rmconf == NULL || !rmconf->passive) {
                        iph1->status = PHASE1ST_EXPIRED;
-                       sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+                       isakmp_ph1delete(iph1);
 
                        /* This is unlikely, but let's just check if a Phase 1
                         * for the new addresses already exist */



Home | Main Index | Thread Index | Old Index