Subject: racoon patches
To: None <vanhu@netbsd.org, tech-crypto@netbsd.org>
From: Stephen Degler <stephen@degler.net>
List: tech-crypto
Date: 11/10/2006 23:29:26
------=_20061110232926_33707
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Hello,
Please review these patches. I'm running -current and anonymous sainfos
broke for me. The first patch fixes this. As I read the code, the 1.6
change to sainfo.c made it impossible for the anonymous sainfo to be
selected.
I ran into the problem fixed by patch number two while debugging the first
one. cfparse.y permits one to specify the peer as an address (in the sainfo
FROM clause), but then botches filling out id_i.
Please review and let me know if it's OK to commit. Or should these just
be forwarded to ipsec-tools?
skd
------=_20061110232926_33707
Content-Type: text/x-patch; name="sainfo.c.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="sainfo.c.patch"
Index: sainfo.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/sainfo.c,v
retrieving revision 1.6
diff -u -u -r1.6 sainfo.c
--- sainfo.c 19 Oct 2006 09:35:51 -0000 1.6
+++ sainfo.c 11 Nov 2006 04:07:48 -0000
@@ -131,6 +131,11 @@
if(s->remoteid != remoteid)
continue;
+ if (s->idsrc == NULL && s->iddst == NULL) {
+ anonymous = s;
+ continue;
+ }
+
if (s->id_i != NULL) {
if (pass == 2)
continue;
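Review bot: The hoisted anonymous check records `s` as the anonymous candidate before its `id_i` is examined, so an anonymous sainfo that carries a `from` clause is now accepted in either pass regardless of whether its peer identity matches; the block this file's second hunk removes is what used to apply the pass/id_i filtering before recording the candidate. A narrower change would hoist only entries without a `from` clause, `if (s->idsrc == NULL && s->iddst == NULL && s->id_i == NULL) {`, and keep the lower block so anonymous entries with an id_i are still recorded only after the identity check. The comparison of `s->id_i` against the peer identity sits between the two hunks and is not shown, and the enclosing function starts and ends outside the hunk, so this should be confirmed against the full loop.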
@@ -138,10 +143,6 @@
continue;
} else if (pass == 1)
continue;
- if (s->idsrc == NULL && s->iddst == NULL) {
- anonymous = s;
- continue;
- }
/* anonymous ? */
if (loc == NULL) {
------=_20061110232926_33707
Content-Type: text/x-patch; name="cfparse.y.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="cfparse.y.patch"
Index: cfparse.y
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/cfparse.y,v
retrieving revision 1.17
diff -u -u -r1.17 cfparse.y
--- cfparse.y 22 Oct 2006 15:10:31 -0000 1.17
+++ cfparse.y 11 Nov 2006 04:06:55 -0000
@@ -1346,20 +1346,29 @@
yyerror("failed to set identifer.\n");
return -1;
}
- cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l);
- if (cur_sainfo->id_i == NULL) {
- yyerror("failed to allocate identifier");
- return -1;
+ if ( $2 == IDTYPE_ADDRESS ) {
+ cur_sainfo->id_i =
+ ipsecdoi_sockaddr2id((struct sockaddr *)idv->v,
+ -1,
+ IPSEC_ULPROTO_ANY);
}
+ else {
+ cur_sainfo->id_i =
+ vmalloc(sizeof(*id_b) + idv->l);
+ if (cur_sainfo->id_i == NULL) {
+ yyerror("failed to allocate identifier");
+ return -1;
+ }
+ id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
+ id_b->type = idtype2doi($2);
- id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
- id_b->type = idtype2doi($2);
-
- id_b->proto_id = 0;
- id_b->port = 0;
+ id_b->proto_id = 0;
+ id_b->port = 0;
- memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
- idv->v, idv->l);
+ memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
+ idv->v, idv->l);
+ vfree(idv);
+ }
vfree(idv);
}
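Review bot: In the non-address branch `idv` is freed twice: the new `vfree(idv);` added at the end of the else block is followed by the pre-existing `vfree(idv);` after the if/else, so every non-address `from` clause now double-frees. The address branch also stores the result of `ipsecdoi_sockaddr2id()` without checking it, while the vmalloc path right below it reports failure via yyerror; a NULL there would be dereferenced by whatever later reads `cur_sainfo->id_i`. Drop the inner `vfree(idv);` and add the NULL check shown below. Whether `idv->v` holds a `struct sockaddr` for IDTYPE_ADDRESS and what the `-1` second argument selects are not visible in the hunk, and the enclosing rule action begins before it.
```c
if ( $2 == IDTYPE_ADDRESS ) {
	cur_sainfo->id_i =
		ipsecdoi_sockaddr2id((struct sockaddr *)idv->v,
				     -1,
				     IPSEC_ULPROTO_ANY);
	if (cur_sainfo->id_i == NULL) {
		yyerror("failed to convert address identifier");
		return -1;
	}
}
else {
	/* … unchanged: vmalloc, idtype2doi, memcpy — minus the inner vfree(idv) … */
}
vfree(idv);
```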
| GROUP QUOTEDSTRING
------=_20061110232926_33707--