[src/trunk]: src - Fix a double free

[manu <manu%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/522b8d63d76d
branches:  trunk
changeset: 580880:522b8d63d76d
user:      manu <manu%NetBSD.org@localhost>
date:      Fri May 13 14:09:44 2005 +0000

description:
- Fix a double free
- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port

diffstat:

 crypto/dist/ipsec-tools/ChangeLog           |  14 ++++++++++++++
 crypto/dist/ipsec-tools/src/racoon/isakmp.c |  24 +++++++++++++++++++-----
 lib/libipsec/package_version.h              |   4 ++--
 3 files changed, 35 insertions(+), 7 deletions(-)

diffs (78 lines):

diff -r a813137b35f3 -r 522b8d63d76d crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Fri May 13 06:36:22 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Fri May 13 14:09:44 2005 +0000
@@ -1,3 +1,17 @@
+2005-05-13  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       * src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
+         consider null port as a wildcard and use IKE port
+
+2005-05-13  Yvan Vanhullebus  <vanhu%free.fr@localhost>
+
+       * src/racoon/isakmp.c: Fixed a double ph2handler free in
+         isakmp_ph2begin_i().
+
+---------------------------------------------
+
+       0.6b2 released
+
 2005-05-10  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
 
        * src/racoon/samples/roadwarrior/client/racoon.conf
diff -r a813137b35f3 -r 522b8d63d76d crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Fri May 13 06:36:22 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Fri May 13 14:09:44 2005 +0000
@@ -1,6 +1,6 @@
-/*     $NetBSD: isakmp.c,v 1.4 2005/05/08 08:57:26 manu Exp $  */
-
-/* Id: isakmp.c,v 1.34.2.2 2005/03/13 17:31:55 vanhu Exp */
+/*     $NetBSD: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $  */
+
+/* $Id: isakmp.c,v 1.5 2005/05/13 14:09:44 manu Exp $ */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1164,7 +1164,6 @@
                unbindph12(iph2);
                /* release ipsecsa handler due to internal error. */
                remph2(iph2);
-               delph2(iph2);
                return -1;
        }
        return 0;
@@ -2000,8 +1999,23 @@
                return 0;
        }
 
-       /* search isakmp status table by address with masking port */
+       /* 
+        * Search isakmp status table by address and port 
+        * If NAT-T is in use, consider null ports as a 
+        * wildcard and use IKE ports instead.
+        */
+#ifdef ENABLE_NATT
+       if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
+               if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
+                       set_port(iph2->src, extract_port(iph1->local));
+                       set_port(iph2->dst, extract_port(iph1->remote));
+               }
+       } else {
+               iph1 = getph1byaddr(iph2->src, iph2->dst);
+       }
+#else
        iph1 = getph1byaddr(iph2->src, iph2->dst);
+#endif
 
        /* no ISAKMP-SA found. */
        if (iph1 == NULL) {
diff -r a813137b35f3 -r 522b8d63d76d lib/libipsec/package_version.h
--- a/lib/libipsec/package_version.h    Fri May 13 06:36:22 2005 +0000
+++ b/lib/libipsec/package_version.h    Fri May 13 14:09:44 2005 +0000
@@ -1,5 +1,5 @@
 #define TOP_PACKAGE "ipsec-tools"
 #define TOP_PACKAGE_NAME "ipsec-tools"
-#define TOP_PACKAGE_VERSION  "0.6-nb20050510"
-#define TOP_PACKAGE_STRING  "ipsec-tools 0.6-nb20050510"
+#define TOP_PACKAGE_VERSION  "0.6-nb20050513"
+#define TOP_PACKAGE_STRING  "ipsec-tools 0.6-nb20050513"
 #define TOP_PACKAGE_URL "http://ipsec-tools.sourceforge.net";