diff --git a/crypto/dist/ipsec-tools/ChangeLog b/crypto/dist/ipsec-tools/ChangeLog index b5594402c8e6..55e755cdf738 100644 --- a/crypto/dist/ipsec-tools/ChangeLog +++ b/crypto/dist/ipsec-tools/ChangeLog @@ -1,3 +1,9 @@ +2008-07-11 Timo Teras + Track:259, original patch from Atis Elsts : + * src/racoon/isakmp.c, src/racoon/isakmp_inf.c: fix double memfree + by changing copy_ph1addresses() to not free ph1 on failure + and remove misplaced remph1() calls causing memory corruption + 2008-07-09 Timo Teras Track:269, from Chong Peng : * src/racoon/cfparse.y: remove parser initialization causing diff --git a/crypto/dist/ipsec-tools/src/racoon/isakmp.c b/crypto/dist/ipsec-tools/src/racoon/isakmp.c index d384ebad92d3..b064526aff1c 100644 --- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c +++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c @@ -1,4 +1,4 @@ -/* $NetBSD: isakmp.c,v 1.35 2008/06/18 07:04:23 mgrooms Exp $ */ +/* $NetBSD: isakmp.c,v 1.36 2008/07/11 08:02:06 tteras Exp $ */ /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ @@ -1041,7 +1041,6 @@ isakmp_ph1begin_i(rmconf, remote, local) #endif #ifdef ENABLE_HYBRID if ((iph1->mode_cfg = isakmp_cfg_mkstate()) == NULL) { - remph1(iph1); delph1(iph1); return NULL; } @@ -1058,7 +1057,6 @@ isakmp_ph1begin_i(rmconf, remote, local) /* XXX copy remote address */ if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) { - remph1(iph1); delph1(iph1); return NULL; } @@ -1160,7 +1158,6 @@ isakmp_ph1begin_r(msg, remote, local, etype) #endif #ifdef ENABLE_HYBRID if ((iph1->mode_cfg = isakmp_cfg_mkstate()) == NULL) { - remph1(iph1); delph1(iph1); return -1; } @@ -1182,7 +1179,6 @@ isakmp_ph1begin_r(msg, remote, local, etype) /* copy remote address */ if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) { - remph1(iph1); delph1(iph1); return -1; } @@ -2936,10 +2932,8 @@ copy_ph1addresses(iph1, rmconf, remote, local) /* address portion must be grabbed from real remote address "remote" */ iph1->remote = dupsaddr(remote); - if (iph1->remote == NULL) { - delph1(iph1); + if (iph1->remote == NULL) return -1; - } /* * if remote has no port # (in case of initiator - from ACQUIRE msg) @@ -2959,10 +2953,8 @@ copy_ph1addresses(iph1, rmconf, remote, local) iph1->local = getlocaladdr(iph1->remote); else iph1->local = dupsaddr(local); - if (iph1->local == NULL) { - delph1(iph1); + if (iph1->local == NULL) return -1; - } if (extract_port(iph1->local) == 0) set_port(iph1->local, PORT_ISAKMP); diff --git a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c index a019a317ead9..6a93c33b1e0f 100644 --- a/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c +++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c @@ -1,4 +1,4 @@ -/* $NetBSD: isakmp_inf.c,v 1.29 2008/07/02 14:46:27 vanhu Exp $ */ +/* $NetBSD: isakmp_inf.c,v 1.30 2008/07/11 08:02:06 tteras Exp $ */ /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */ @@ -728,10 +728,8 @@ isakmp_info_send_nx(isakmp, remote, local, type, data) iph1->flags = 0; iph1->msgid = 0; /* XXX */ #ifdef ENABLE_HYBRID - if ((iph1->mode_cfg = isakmp_cfg_mkstate()) == NULL) { - error = -1; + if ((iph1->mode_cfg = isakmp_cfg_mkstate()) == NULL) goto end; - } #endif #ifdef ENABLE_FRAG iph1->frag = 0; @@ -739,10 +737,8 @@ isakmp_info_send_nx(isakmp, remote, local, type, data) #endif /* copy remote address */ - if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) { - error = -1; + if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) goto end; - } tlen = sizeof(*n) + spisiz; if (data) @@ -751,7 +747,6 @@ isakmp_info_send_nx(isakmp, remote, local, type, data) if (payload == NULL) { plog(LLV_ERROR, LOCATION, NULL, "failed to get buffer to send.\n"); - error = -1; goto end; }