NetBSD-Bugs archive


bin/42363: racoon uses a wrong IPsec-SA that is for different peer

>Number:         42363
>Category:       bin
>Synopsis:       racoon uses a wrong IPsec-SA that is for different peer
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 22 18:25:00 +0000 2009
>Release:        NetBSD 5.0.1
Internet Initiative Japan Inc.
System: NetBSD 5.0.1 NetBSD 5.0.1 (GENERIC) #0: Thu Jul 30 01:39:11 UTC 2009
Architecture: i386
Machine: i386

racoon uses a wrong IPsec-SA handle that is for another peer in case it
receives an ISAKMP message for an IPsec-SA that has the same message-id as
a message-id that was received before.

racoon uses message-id to find the handle of IPsec-SA.  The message-id
is a unique number for each peer, but different peers may use the same

Different Windows Vista or Windows 7 peers seem to use the same
message-id.  racoon can handle the first Windows's Phase-2, but it
cannot handle the second Windows, because racoon mistakes the
message for the second Windows for the message for the first Windows.

Index: handler.c
RCS file: /cvsroot/NetBSD/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
retrieving revision 1.30
diff -u -p -r1.30 handler.c
--- handler.c   3 Sep 2009 09:29:07 -0000       1.30
+++ handler.c   22 Nov 2009 16:57:16 -0000
@@ -573,7 +573,7 @@ getph2bymsgid(iph1, msgid)
        struct ph2handle *p;
-       LIST_FOREACH(p, &ph2tree, chain) {
+       LIST_FOREACH(p, &iph1->ph2tree, chain) {
                if (p->msgid == msgid && p->ph1 == iph1)
                        return p;
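Review bot: The new LIST_FOREACH line switches the head to &iph1->ph2tree but keeps `chain` as the link field, the same field the removed line used to walk the global ph2tree. A handle's single list entry can belong to only one list, so please confirm that handles are linked onto iph1->ph2tree through `chain` and not through a separate entry; if they use a different entry, this loop follows the global list's pointers and the scoping is lost. The function also now dereferences iph1 in the loop head, where the unchanged `p->ph1 == iph1` test only compared it, so add a NULL guard or document that callers never pass NULL. Since that unchanged test already restricts matches to this phase-1 handle, the commit message should say what the per-handle list fixes beyond it.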

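An added example, not racoon's code and not part of the original report: a simplified C model of the lookup problem described above, where two peers use the same message-id and a lookup keyed on message-id alone returns the other peer's handle. The struct layout, function names and addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model (assumed layout, not racoon's structures): one phase-1
 * handle per peer, each owning a list of its phase-2 handles. */
struct ph1 { const char *peer; struct ph2 *ph2_head; };
struct ph2 {
    uint32_t msgid;
    struct ph1 *ph1;          /* owning phase-1 handle */
    struct ph2 *next_global;  /* link in the global list */
    struct ph2 *next_in_ph1;  /* link in the owner's list */
};
static struct ph2 *global_head;

static void ph2_insert(struct ph2 *p, struct ph1 *owner, uint32_t msgid)
{
    p->msgid = msgid;
    p->ph1 = owner;
    p->next_global = global_head;     global_head = p;
    p->next_in_ph1 = owner->ph2_head; owner->ph2_head = p;
}

/* Weak: message-id is the only key, so the first match wins, whoever owns it. */
static struct ph2 *find_by_msgid_only(uint32_t msgid)
{
    for (struct ph2 *p = global_head; p != NULL; p = p->next_global)
        if (p->msgid == msgid)
            return p;
    return NULL;
}

/* Scoped: walk only the handles of the phase-1 that received the message. */
static struct ph2 *find_by_ph1_and_msgid(const struct ph1 *iph1, uint32_t msgid)
{
    if (iph1 == NULL)
        return NULL;
    for (struct ph2 *p = iph1->ph2_head; p != NULL; p = p->next_in_ph1)
        if (p->msgid == msgid)
            return p;
    return NULL;
}

/* Constructed scenario: two peers start phase 2 with the same message-id. */
static struct ph1 peer_a = { "192.0.2.10", NULL }, peer_b = { "192.0.2.20", NULL };
static struct ph2 sa_a, sa_b;
static void setup(void)
{
    global_head = NULL; peer_a.ph2_head = NULL; peer_b.ph2_head = NULL;
    ph2_insert(&sa_a, &peer_a, 1);
    ph2_insert(&sa_b, &peer_b, 1);
}
int main(void) { setup(); return find_by_ph1_and_msgid(&peer_a, 1) == &sa_a ? 0 : 1; }
```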