- Fix a double free

- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port
This commit is contained in:
manu 2005-05-13 14:09:44 +00:00
parent c5fa1fbb8b
commit 6add206c2f
3 changed files with 34 additions and 6 deletions

View File

@ -1,3 +1,17 @@
2005-05-13 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
consider null port as a wildcard and use IKE port
2005-05-13 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp.c: Fixed a double ph2handler free in
isakmp_ph2begin_i().
---------------------------------------------
0.6b2 released
2005-05-10 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/samples/roadwarrior/client/racoon.conf

View File

@ -1,6 +1,6 @@
/* $NetBSD: isakmp.c,v 1.4 2005/05/08 08:57:26 manu Exp $ */
/* $NetBSD: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
/* Id: isakmp.c,v 1.34.2.2 2005/03/13 17:31:55 vanhu Exp */
/* $Id: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -1164,7 +1164,6 @@ isakmp_ph2begin_i(iph1, iph2)
unbindph12(iph2);
/* release ipsecsa handler due to internal error. */
remph2(iph2);
delph2(iph2);
return -1;
}
return 0;
@ -2000,8 +1999,23 @@ isakmp_post_acquire(iph2)
return 0;
}
/* search isakmp status table by address with masking port */
/*
* Search isakmp status table by address and port
* If NAT-T is in use, consider null ports as a
* wildcard and use IKE ports instead.
*/
#ifdef ENABLE_NATT
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
set_port(iph2->src, extract_port(iph1->local));
set_port(iph2->dst, extract_port(iph1->remote));
}
} else {
iph1 = getph1byaddr(iph2->src, iph2->dst);
}
#else
iph1 = getph1byaddr(iph2->src, iph2->dst);
#endif
/* no ISAKMP-SA found. */
if (iph1 == NULL) {

View File

@ -1,5 +1,5 @@
#define TOP_PACKAGE "ipsec-tools"
#define TOP_PACKAGE_NAME "ipsec-tools"
#define TOP_PACKAGE_VERSION "0.6-nb20050510"
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050510"
#define TOP_PACKAGE_VERSION "0.6-nb20050513"
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050513"
#define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net"