- Fix a double free

- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port
manu 2005-05-13 14:09:44 +00:00
parent c5fa1fbb8b
commit 6add206c2f
3 changed files with 34 additions and 6 deletions


@ -1,3 +1,17 @@
2005-05-13 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
consider null port as a wildcard and use IKE port
2005-05-13 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp.c: Fixed a double ph2handler free in
isakmp_ph2begin_i().
---------------------------------------------
0.6b2 released
2005-05-10 Emmanuel Dreyfus <manu@netbsd.org> 2005-05-10 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/samples/roadwarrior/client/racoon.conf * src/racoon/samples/roadwarrior/client/racoon.conf


@ -1,6 +1,6 @@
/* $NetBSD: isakmp.c,v 1.4 2005/05/08 08:57:26 manu Exp $ */ /* $NetBSD: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
/* Id: isakmp.c,v 1.34.2.2 2005/03/13 17:31:55 vanhu Exp */ /* $Id: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
/* /*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -1164,7 +1164,6 @@ isakmp_ph2begin_i(iph1, iph2)
unbindph12(iph2); unbindph12(iph2);
/* release ipsecsa handler due to internal error. */ /* release ipsecsa handler due to internal error. */
remph2(iph2); remph2(iph2);
delph2(iph2);
return -1; return -1;
} }
return 0; return 0;
@ -2000,8 +1999,23 @@ isakmp_post_acquire(iph2)
return 0; return 0;
} }
/* search isakmp status table by address with masking port */ /*
* Search isakmp status table by address and port
* If NAT-T is in use, consider null ports as a
* wildcard and use IKE ports instead.
*/
#ifdef ENABLE_NATT
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
set_port(iph2->src, extract_port(iph1->local));
set_port(iph2->dst, extract_port(iph1->remote));
}
} else {
iph1 = getph1byaddr(iph2->src, iph2->dst);
}
#else
iph1 = getph1byaddr(iph2->src, iph2->dst); iph1 = getph1byaddr(iph2->src, iph2->dst);
#endif
/* no ISAKMP-SA found. */ /* no ISAKMP-SA found. */
if (iph1 == NULL) { if (iph1 == NULL) {
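Review bot: The wildcard branch added to isakmp_post_acquire is selected by the compile-time `#ifdef ENABLE_NATT` plus both ports being zero, not by whether NAT-T was actually negotiated with this peer, so the new comment's "If NAT-T is in use" promises more than the code checks. Assuming getph1byaddrwop() matches on address alone (its definition is not visible here), peers that share one NAT address are indistinguishable at this point, and the ports copied into `iph2->src`/`iph2->dst` then pin phase 2 to whichever phase 1 was found first. I would state that limit in the block comment, e.g. `* NOTE: address-only match; with several peers behind one NAT address the first phase 1 found is used.` When only one of the two ports is zero the code falls through to the exact-match `getph1byaddr()`, which presumably finds nothing; that case should be confirmed as intended. The function body starts and ends outside the hunk.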


@ -1,5 +1,5 @@
#define TOP_PACKAGE "ipsec-tools" #define TOP_PACKAGE "ipsec-tools"
#define TOP_PACKAGE_NAME "ipsec-tools" #define TOP_PACKAGE_NAME "ipsec-tools"
#define TOP_PACKAGE_VERSION "0.6-nb20050510" #define TOP_PACKAGE_VERSION "0.6-nb20050513"
#define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050510" #define TOP_PACKAGE_STRING "ipsec-tools 0.6-nb20050513"
#define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net" #define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net"