- Fix a double free
- For acquire messages, when NAT-T is in use, consider null port as a wildcard and use IKE port
This commit is contained in:
parent
c5fa1fbb8b
commit
6add206c2f
14
crypto/dist/ipsec-tools/ChangeLog
vendored
14
crypto/dist/ipsec-tools/ChangeLog
vendored
@ -1,3 +1,17 @@
|
||||
2005-05-13 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
|
||||
consider null port as a wildcard and use IKE port
|
||||
|
||||
2005-05-13 Yvan Vanhullebus <vanhu@free.fr>
|
||||
|
||||
* src/racoon/isakmp.c: Fixed a double ph2handler free in
|
||||
isakmp_ph2begin_i().
|
||||
|
||||
---------------------------------------------
|
||||
|
||||
0.6b2 released
|
||||
|
||||
2005-05-10 Emmanuel Dreyfus <manu@netbsd.org>
|
||||
|
||||
* src/racoon/samples/roadwarrior/client/racoon.conf
|
||||
|
22
crypto/dist/ipsec-tools/src/racoon/isakmp.c
vendored
22
crypto/dist/ipsec-tools/src/racoon/isakmp.c
vendored
@ -1,6 +1,6 @@
|
||||
/* $NetBSD: isakmp.c,v 1.4 2005/05/08 08:57:26 manu Exp $ */
|
||||
/* $NetBSD: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
|
||||
|
||||
/* Id: isakmp.c,v 1.34.2.2 2005/03/13 17:31:55 vanhu Exp */
|
||||
/* $Id: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
@ -1164,7 +1164,6 @@ isakmp_ph2begin_i(iph1, iph2)
|
||||
unbindph12(iph2);
|
||||
/* release ipsecsa handler due to internal error. */
|
||||
remph2(iph2);
|
||||
delph2(iph2);
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
@ -2000,8 +1999,23 @@ isakmp_post_acquire(iph2)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* search isakmp status table by address with masking port */
|
||||
/*
|
||||
* Search isakmp status table by address and port
|
||||
* If NAT-T is in use, consider null ports as a
|
||||
* wildcard and use IKE ports instead.
|
||||
*/
|
||||
#ifdef ENABLE_NATT
|
||||
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
|
||||
if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
|
||||
set_port(iph2->src, extract_port(iph1->local));
|
||||
set_port(iph2->dst, extract_port(iph1->remote));
|
||||
}
|
||||
} else {
|
||||
iph1 = getph1byaddr(iph2->src, iph2->dst);
|
||||
}
|
||||
#else
|
||||
iph1 = getph1byaddr(iph2->src, iph2->dst);
|
||||
#endif
|
||||
|
||||
/* no ISAKMP-SA found. */
|
||||
if (iph1 == NULL) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
#define TOP_PACKAGE "ipsec-tools"
|
||||
#define TOP_PACKAGE_NAME "ipsec-tools"
|
||||
#define TOP_PACKAGE_VERSION "0.6-nb20050510"
|
||||
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050510"
|
||||
#define TOP_PACKAGE_VERSION "0.6-nb20050513"
|
||||
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050513"
|
||||
#define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net"
|
||||
|
Loading…
Reference in New Issue
Block a user