directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless an can lead to memory access after free

crypto/dist/ipsec-tools/src/racoon/isakmp.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp.c,v 1.70 2011/03/14 17:18:12 tteras Exp $	*/
+/*	$NetBSD: isakmp.c,v 1.71 2011/03/15 13:20:14 vanhu Exp $	*/
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -2018,7 +2018,7 @@ isakmp_ph1expire(iph1)
 		iph1->status = PHASE1ST_EXPIRED;
 	}
 
-	sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+	isakmp_ph1delete(iph1);
 }
 
 /* called from scheduler */
@@ -2046,20 +2046,16 @@ isakmp_ph1delete(iph1)
 	/* Discard any left phase2s */
 	for (p = LIST_FIRST(&iph1->ph2tree); p; p = next) {
 		next = LIST_NEXT(p, ph1bind);
-		if (p->status >= PHASE2ST_ESTABLISHED)
-			unbindph12(p);
-		/* Should we also remove non established ph2
-		 * handles, as we just invalidated ph1handle ?
+		if (p->status == PHASE2ST_ESTABLISHED)
+			isakmp_info_send_d2(p);
+		/* remove all ph2 handles,
+		 * as ph1handle will be expired soon
 		 */
+		delete_spd(p, 1);
+		remph2(p);
+		delph2(p);
 	}
 
-	if (LIST_FIRST(&iph1->ph2tree) != NULL) {
-		sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
-		return;
-	}
-
-	/* don't re-negosiation when the phase 1 SA expires. */
-
 	src = racoon_strdup(saddr2str(iph1->local));
 	dst = racoon_strdup(saddr2str(iph1->remote));
 	STRDUP_FATAL(src);
@@ -3397,7 +3393,7 @@ purge_remote(iph1)
 		 "purged ISAKMP-SA spi=%s.\n",
 		 isakmp_pindex(&(iph1->index), iph1->msgid));
 
-	sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+	isakmp_ph1delete(iph1);
 }
 
 void

crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_inf.c,v 1.46 2011/03/14 17:18:13 tteras Exp $	*/
+/*	$NetBSD: isakmp_inf.c,v 1.47 2011/03/15 13:20:14 vanhu Exp $	*/
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -1094,7 +1094,7 @@ purge_isakmp_spi(proto, spi, n)
 			isakmp_pindex(&spi[i], 0));
 
 		iph1->status = PHASE1ST_EXPIRED;
-		sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+		isakmp_ph1delete(iph1);
 	}
 }
 

crypto/dist/ipsec-tools/src/racoon/pfkey.c

@@ -1,6 +1,6 @@
-/*	$NetBSD: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $	*/
+/*	$NetBSD: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $	*/
 
-/* $Id: pfkey.c,v 1.56 2011/03/14 17:18:13 tteras Exp $ */
+/* $Id: pfkey.c,v 1.57 2011/03/15 13:20:14 vanhu Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -2901,7 +2901,7 @@ migrate_ph1_ike_addresses(iph1, arg)
 		rmconf = getrmconf(ma->remote, 0);
 		if (rmconf == NULL || !rmconf->passive) {
 			iph1->status = PHASE1ST_EXPIRED;
-			sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+			isakmp_ph1delete(iph1);
 
 			/* This is unlikely, but let's just check if a Phase 1
 			 * for the new addresses already exist */