CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2011-02-10 Thread Timo Teräs
Module Name:src
Committed By:   tteras
Date:   Thu Feb 10 11:21:55 UTC 2011

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
prsa_par.y

Log Message:
From Mats Erik Andersson deb...@gisladisker.se: Fix address
initialization of restricted RSA keys to work on non-linux platforms.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.6.1 \
src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y
diff -u src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.4 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.4.6.1
--- src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.4	Sat Sep  9 16:22:10 2006
+++ src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y	Thu Feb 10 11:21:55 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: prsa_par.y,v 1.4 2006/09/09 16:22:10 manu Exp $	*/
+/*	$NetBSD: prsa_par.y,v 1.4.6.1 2011/02/10 11:21:55 tteras Exp $	*/
 
 /* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
 
@@ -246,6 +246,9 @@
 		$$-prefix = $2;
 		sap = (struct sockaddr_in *)($$-sa);
 		sap-sin_family = AF_INET;
+#ifndef __linux__
+		sap-sin_len = sizeof(*sap);
+#endif
 		err = inet_pton(AF_INET, $1, (struct in_addr*)(sap-sin_addr));
 		if (err = 0) {
 			prsaerror(inet_pton(%s): %s\n, $1, strerror(errno));
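Review bot: The new `sin_len` assignment is gated on `#ifndef __linux__`, which tests for one operating system rather than for the field itself, so any other platform whose `struct sockaddr_in` has no `sin_len` member would fail to build here. A configure-time feature macro for the length member would express the intent more precisely; failing that, a short comment such as `/* BSD-style sockaddr: the length member must be set */` would at least record why the line exists. The same applies to the `sin6_len` assignment in the IPv6 hunk that follows. The enclosing grammar action starts and ends outside the hunk.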
@@ -269,6 +272,9 @@
 		$$-prefix = $2;
 		sap = (struct sockaddr_in6 *)($$-sa);
 		sap-sin6_family = AF_INET6;
+#ifndef __linux__
+		sap-sin6_len = sizeof(*sap);
+#endif
 		err = inet_pton(AF_INET6, $1, (struct in6_addr*)(sap-sin6_addr));
 		if (err = 0) {
 			prsaerror(inet_pton(%s): %s\n, $1, strerror(errno));



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2011-01-21 Thread Timo Teräs
Module Name:src
Committed By:   tteras
Date:   Sat Jan 22 07:44:39 UTC 2011

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
isakmp_inf.c

Log Message:
From Roman Hoog Antink r...@open.ch: Fixes a null pointer dereference
that might occur after removing peers from the config and then reloading.


To generate a diff of this commit:
cvs rdiff -u -r1.14.4.17 -r1.14.4.18 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.17 src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.18
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.17	Mon May 18 17:07:46 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c	Sat Jan 22 07:44:39 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_inf.c,v 1.14.4.17 2009/05/18 17:07:46 tteras Exp $	*/
+/*	$NetBSD: isakmp_inf.c,v 1.14.4.18 2011/01/22 07:44:39 tteras Exp $	*/
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -1624,6 +1624,15 @@
 
 	iph1-dpd_r_u=NULL;
 
+	if (iph1-status == PHASE1ST_EXPIRED) {
+		/* This can happen after removing tunnels from the
+		 * config file and then reloading.
+		 * Such iph1 have rmconf=NULL, so return before the if
+		 * block below.
+		 */
+		return;
+	}
+
 	if (iph1-dpd_fails = iph1-rmconf-dpd_maxfails) {
 
 		plog(LLV_INFO, LOCATION, iph1-remote,
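Review bot: The added guard tests `iph1->status == PHASE1ST_EXPIRED` as a stand-in for the condition that actually matters, which per the new comment is `rmconf` being NULL before `iph1->rmconf->dpd_maxfails` is read. Testing the pointer directly would also cover any other state in which a handle has lost its configuration: `if (iph1->status == PHASE1ST_EXPIRED || iph1->rmconf == NULL) return;`. The function begins and continues outside the hunk, so whether later code dereferences `rmconf` again cannot be judged from here.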



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2010-12-27 Thread Timo Teräs
Module Name:src
Committed By:   tteras
Date:   Tue Dec 28 06:02:45 UTC 2010

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
handler.c

Log Message:
From Roman Hoog Antink r...@open.ch: Fix config reload so that it does not
delete too many phase 2 handles; the wrong chain field was used when
enumerating the handles.


To generate a diff of this commit:
cvs rdiff -u -r1.9.6.8 -r1.9.6.9 \
src/crypto/dist/ipsec-tools/src/racoon/handler.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.9.6.8 src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.9.6.9
--- src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.9.6.8	Mon Apr 20 13:25:27 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c	Tue Dec 28 06:02:45 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: handler.c,v 1.9.6.8 2009/04/20 13:25:27 tteras Exp $	*/
+/*	$NetBSD: handler.c,v 1.9.6.9 2010/12/28 06:02:45 tteras Exp $	*/
 
 /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
 
@@ -1306,7 +1306,7 @@
 
 	if (iph1-status == PHASE1ST_ESTABLISHED){
 		for (iph2 = LIST_FIRST(iph1-ph2tree); iph2; iph2 = iph2_next) {
-			iph2_next = LIST_NEXT(iph2, chain);
+			iph2_next = LIST_NEXT(iph2, ph1bind);
 			remove_ph2(iph2);
 		}
 		isakmp_info_send_d1(iph1);
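Review bot: Nothing at the loop records why `ph1bind` is the right linkage, and the bug being fixed shows how easily the two list fields are confused. A one-line comment above the `for`, for example `/* iph1->ph2tree is linked through ph1bind, not chain */`, would keep a later edit from reintroducing the mistake. If the queue macros available to this file include a safe-iteration form, using it would also remove the hand-written `iph2_next` bookkeeping. The enclosing function starts and ends outside the hunk.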



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2010-08-04 Thread VANHULLEBUS Yvan
Module Name:src
Committed By:   vanhu
Date:   Wed Aug  4 09:23:53 UTC 2010

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
isakmp_cfg.c

Log Message:
fixed answer for IP4_SUBNET request


To generate a diff of this commit:
cvs rdiff -u -r1.12.6.4 -r1.12.6.5 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c:1.12.6.4 src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c:1.12.6.5
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c:1.12.6.4	Thu Nov 27 15:25:20 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c	Wed Aug  4 09:23:53 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_cfg.c,v 1.12.6.4 2008/11/27 15:25:20 vanhu Exp $	*/
+/*	$NetBSD: isakmp_cfg.c,v 1.12.6.5 2010/08/04 09:23:53 vanhu Exp $	*/
 
 /* Id: isakmp_cfg.c,v 1.55 2006/08/22 18:17:17 manubsd Exp */
 
@@ -114,6 +114,8 @@
 #endif
 static vchar_t *isakmp_cfg_addr4(struct ph1handle *, 
  struct isakmp_data *, in_addr_t *);
+static vchar_t *isakmp_cfg_addrnet4(struct ph1handle *, 
+ struct isakmp_data *, in_addr_t *, in_addr_t *);
 static void isakmp_cfg_getaddr4(struct isakmp_data *, struct in_addr *);
 static vchar_t *isakmp_cfg_addr4_list(struct ph1handle *,
   struct isakmp_data *, in_addr_t *, int);
@@ -901,8 +903,15 @@
 		break;
 
 	case INTERNAL_IP4_SUBNET:
-		return isakmp_cfg_addr4(iph1, 
-		attr, isakmp_cfg_config.network4);
+		if(isakmp_cfg_config.splitnet_count  0){
+			return isakmp_cfg_addrnet4(iph1, attr,
+		isakmp_cfg_config.splitnet_list-network.addr4.s_addr,
+		isakmp_cfg_config.splitnet_list-network.mask4.s_addr);
+		}else{
+			plog(LLV_INFO, LOCATION, NULL,
+			 %s requested but no splitnet in configuration\n,
+			 s_isakmp_cfg_type(type));
+		}
 		break;
 
 	default:
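Review bot: In the `INTERNAL_IP4_SUBNET` case only the first element of `isakmp_cfg_config.splitnet_list` is put into the reply, so when `splitnet_count` is greater than one the remaining networks are dropped without any trace. Either log that fact or state it in a comment, for example `/* only the first split network is reported for INTERNAL_IP4_SUBNET */`. The guard also tests `splitnet_count` while the code dereferences `splitnet_list`; adding `isakmp_cfg_config.splitnet_list != NULL` to the condition would keep the two from drifting apart. The `switch` and its function continue outside the hunk.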
@@ -1042,6 +1051,36 @@
 }
 
 static vchar_t *
+isakmp_cfg_addrnet4(iph1, attr, addr, mask)
+	struct ph1handle *iph1;
+	struct isakmp_data *attr;
+	in_addr_t *addr;
+	in_addr_t *mask;
+{
+	vchar_t *buffer;
+	struct isakmp_data *new;
+	size_t len;
+	in_addr_t netbuff[2];
+
+	len = sizeof(netbuff);
+	if ((buffer = vmalloc(sizeof(*attr) + len)) == NULL) {
+		plog(LLV_ERROR, LOCATION, NULL, Cannot allocate memory\n);
+		return NULL;
+	}
+
+	new = (struct isakmp_data *)buffer-v;
+
+	new-type = attr-type;
+	new-lorv = htons(len);
+	netbuff[0]=*addr;
+	netbuff[1]=*mask;
+	memcpy(new + 1, netbuff, len);
+	
+	return buffer;
+}
+
+
+static vchar_t *
 isakmp_cfg_addr4_list(iph1, attr, addr, nbr)
 	struct ph1handle *iph1;
 	struct isakmp_data *attr;
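Review bot: `isakmp_cfg_addrnet4` has no header comment, and the layout of the attribute it builds is only implied by the order of the two `netbuff` assignments. A short block comment above the definition should state that the reply carries the address followed by the netmask, that `lorv` holds the payload length converted with `htons`, that the buffer comes from `vmalloc` and is handed to the caller, and that `iph1` is unused. `addr` and `mask` are dereferenced without a NULL check, which the comment should list as a precondition.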



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-09-18 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Fri Sep 18 10:32:48 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
isakmp_agg.c isakmp_ident.c

Log Message:
From Tomas Mraz: Fix gssapi error checking.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.6.1 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c
cvs rdiff -u -r1.6 -r1.6.6.1 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c:1.9 src/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c:1.9.6.1
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c:1.9	Sat Sep 30 21:49:37 2006
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c	Fri Sep 18 10:32:48 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_agg.c,v 1.9 2006/09/30 21:49:37 manu Exp $	*/
+/*	$NetBSD: isakmp_agg.c,v 1.9.6.1 2009/09/18 10:32:48 tteras Exp $	*/
 
 /* Id: isakmp_agg.c,v 1.28 2006/04/06 16:46:08 manubsd Exp */
 
@@ -246,7 +246,11 @@
 
 #ifdef HAVE_GSSAPI
 	if (RMAUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
-		gssapi_get_token_to_send(iph1, gsstoken);
+		if (gssapi_get_token_to_send(iph1, gsstoken)  0) {
+			plog(LLV_ERROR, LOCATION, NULL, 
+			 Failed to get gssapi token.\n);
+			goto end;
+		}
 		plist = isakmp_plist_append(plist, gsstoken, ISAKMP_NPTYPE_GSS);
 	}
 #endif
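Review bot: The new error message passes NULL as the address argument to `plog`, so a failed GSSAPI token fetch cannot be tied to a peer when reading the log. Other calls on this page pass `iph1->remote`, and the same would fit here: `plog(LLV_ERROR, LOCATION, iph1->remote, "Failed to get gssapi token.\n");`. The identical message is added in the second hunk of this file and in both hunks of isakmp_ident.c. The `end` label and its cleanup are outside the hunk, so it is worth confirming that `plist` and `gsstoken` are released there.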
@@ -1254,7 +1258,11 @@
 			iph1-id, ISAKMP_NPTYPE_ID);
 
 			/* create GSS payload */
-			gssapi_get_token_to_send(iph1, gsstoken);
+			if (gssapi_get_token_to_send(iph1, gsstoken)  0) {
+plog(LLV_ERROR, LOCATION, NULL, 
+Failed to get gssapi token.\n);
+goto end;
+			}
 			plist = isakmp_plist_append(plist, 
 			gsstoken, ISAKMP_NPTYPE_GSS);
 

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c:1.6.6.1
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c:1.6	Mon Oct  2 21:41:59 2006
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c	Fri Sep 18 10:32:48 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_ident.c,v 1.6 2006/10/02 21:41:59 manu Exp $	*/
+/*	$NetBSD: isakmp_ident.c,v 1.6.6.1 2009/09/18 10:32:48 tteras Exp $	*/
 
 /* Id: isakmp_ident.c,v 1.21 2006/04/06 16:46:08 manubsd Exp */
 
@@ -1721,7 +1721,11 @@
 
 #ifdef HAVE_GSSAPI
 	if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)
-		gssapi_get_token_to_send(iph1, gsstoken);
+		if (gssapi_get_token_to_send(iph1, gsstoken)  0) {
+			plog(LLV_ERROR, LOCATION, NULL,
+Failed to get gssapi token.\n);
+			goto end;
+		}
 #endif
 
 	/* create isakmp KE payload */
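Review bot: The outer `if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB)` has no braces while its body is now a five-line nested `if` block, which makes it easy to add a statement later that looks guarded but is not. Brace the outer statement as the corresponding code in isakmp_agg.c does, opening with `if (AUTHMETHOD(iph1) == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {` and closing with `}` before the `#endif`.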
@@ -1891,7 +1895,11 @@
 			if (gsshash == NULL)
 goto end;
 		} else {
-			gssapi_get_token_to_send(iph1, gsstoken);
+			if (gssapi_get_token_to_send(iph1, gsstoken)  0) {
+plog(LLV_ERROR, LOCATION, NULL,
+	Failed to get gssapi token.\n);
+goto end;
+			}
 		}
 
 		if (!gssapi_id_sent(iph1)) {



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-08-13 Thread VANHULLEBUS Yvan
Module Name:src
Committed By:   vanhu
Date:   Thu Aug 13 09:18:45 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
oakley.c

Log Message:
fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs


To generate a diff of this commit:
cvs rdiff -u -r1.9.6.3 -r1.9.6.4 \
src/crypto/dist/ipsec-tools/src/racoon/oakley.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.4
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.9.6.3	Thu Mar  6 17:00:25 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c	Thu Aug 13 09:18:45 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: oakley.c,v 1.9.6.3 2008/03/06 17:00:25 vanhu Exp $	*/
+/*	$NetBSD: oakley.c,v 1.9.6.4 2009/08/13 09:18:45 vanhu Exp $	*/
 
 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
 
@@ -3116,7 +3116,7 @@
 	/* do decrypt */
 	new = alg_oakley_encdef_decrypt(iph1-approval-enctype,
 	buf, iph1-key, ivdp);
-	if (new == NULL) {
+	if (new == NULL || new-v == NULL || new-l == 0) {
 		plog(LLV_ERROR, LOCATION, NULL,
 			decryption %d failed.\n, iph1-approval-enctype);
 		goto end;
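Review bot: The error path that now also catches an empty or bufferless decrypt result logs with a NULL address, so repeated malformed packets from one peer cannot be attributed in the log. Passing `iph1->remote` as the third `plog` argument would make the condition this fix guards against visible to an operator. Because `new` can now be non-NULL when `goto end` is taken, the cleanup at `end`, which is outside the hunk, should be checked to confirm it frees `new`.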



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-06-19 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Fri Jun 19 07:32:52 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
ipsec_doi.c

Log Message:
Backport S.P.Zeidler's fix to IPv6 address related stack smashing in
ipsecdoi_id2str() from CVS HEAD.


To generate a diff of this commit:
cvs rdiff -u -r1.23.4.9 -r1.23.4.10 \
src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c:1.23.4.9 src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c:1.23.4.10
--- src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c:1.23.4.9	Wed Jun 18 07:30:19 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c	Fri Jun 19 07:32:52 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_doi.c,v 1.23.4.9 2008/06/18 07:30:19 mgrooms Exp $	*/
+/*	$NetBSD: ipsec_doi.c,v 1.23.4.10 2009/06/19 07:32:52 tteras Exp $	*/
 
 /* Id: ipsec_doi.c,v 1.55 2006/08/17 09:20:41 vanhu Exp */
 
@@ -4381,20 +4381,29 @@
 	char *dat;
 	static char buf[BUFLEN];
 	struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id-v;
-	struct sockaddr saddr;
+	struct sockaddr_storage saddr_storage;
+	struct sockaddr*saddr;
+	struct sockaddr_in *saddr_in;
+	struct sockaddr_in6*saddr_in6;
 	u_int plen = 0;
 
+	saddr = (struct sockaddr *)saddr_storage;
+	saddr_in  = (struct sockaddr_in *)saddr_storage;
+	saddr_in6 = (struct sockaddr_in6 *)saddr_storage;
+
+	
 	switch (id_b-type) {
 	case IPSECDOI_ID_IPV4_ADDR:
 	case IPSECDOI_ID_IPV4_ADDR_SUBNET:
 	case IPSECDOI_ID_IPV4_ADDR_RANGE:
 
 #ifndef __linux__
-		saddr.sa_len = sizeof(struct sockaddr_in);
+		saddr-sa_len = sizeof(struct sockaddr_in);
 #endif
-		saddr.sa_family = AF_INET;
-		((struct sockaddr_in *)saddr)-sin_port = IPSEC_PORT_ANY;
-		memcpy(((struct sockaddr_in *)saddr)-sin_addr,
+		saddr-sa_family = AF_INET;
+
+		saddr_in-sin_port = IPSEC_PORT_ANY;
+		memcpy(saddr_in-sin_addr,
 			id-v + sizeof(*id_b), sizeof(struct in_addr));
 		break;
 #ifdef INET6
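Review bot: `saddr_storage` is declared without an initializer and the cases below fill in only the length, family, port and address, so the remaining members hold whatever was on the stack when the structure is handed to `saddrwop2str`. Clearing it once after the pointer setup avoids that: `memset(&saddr_storage, 0, sizeof(saddr_storage));`. The IPv6 cases do set `sin6_scope_id`, but `sin6_flowinfo` is still left unset. The function starts and continues outside the hunk.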
@@ -4403,12 +4412,17 @@
 	case IPSECDOI_ID_IPV6_ADDR_RANGE:
 
 #ifndef __linux__
-		saddr.sa_len = sizeof(struct sockaddr_in6);
+		saddr-sa_len = sizeof(struct sockaddr_in6);
 #endif
-		saddr.sa_family = AF_INET6;
-		((struct sockaddr_in6 *)saddr)-sin6_port = IPSEC_PORT_ANY;
-		memcpy(((struct sockaddr_in6 *)saddr)-sin6_addr,
+		saddr-sa_family = AF_INET6;
+
+		saddr_in6-sin6_port = IPSEC_PORT_ANY;
+		memcpy(saddr_in6-sin6_addr,
 			id-v + sizeof(*id_b), sizeof(struct in6_addr));
+		saddr_in6-sin6_scope_id =
+			(IN6_IS_ADDR_LINKLOCAL(saddr_in6-sin6_addr)
+? ((struct sockaddr_in6 *)id_b)-sin6_scope_id
+: 0);
 		break;
 #endif
 	}
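Review bot: The new `sin6_scope_id` assignment casts `id_b` to `struct sockaddr_in6 *`, but `id_b` was initialised from `id->v` as a `struct ipsecdoi_id_b`, with the address bytes read from `id->v + sizeof(*id_b)`; it is an ID payload, not a socket address. Reading `sin6_scope_id` through that cast interprets payload bytes at the sockaddr offset and, for a payload shorter than `struct sockaddr_in6`, reads past the end of the buffer. Since the payload as used here carries no interface scope, `saddr_in6->sin6_scope_id = 0;` is the safe value unless the scope is taken from a real local socket address. The same cast appears in the `IPSECDOI_ID_IPV6_ADDR_RANGE` case of the later hunk.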
@@ -4418,7 +4432,7 @@
 #ifdef INET6
 	case IPSECDOI_ID_IPV6_ADDR:
 #endif
-		len = snprintf( buf, BUFLEN, %s, saddrwop2str(saddr));
+		len = snprintf( buf, BUFLEN, %s, saddrwop2str(saddr));
 		break;
 
 	case IPSECDOI_ID_IPV4_ADDR_SUBNET:
@@ -4474,42 +4488,46 @@
 			plen += l;
 		}
 
-		len = snprintf( buf, BUFLEN, %s/%i, saddrwop2str(saddr), plen);
+		len = snprintf( buf, BUFLEN, %s/%i, saddrwop2str(saddr), plen);
 	}
 		break;
 
 	case IPSECDOI_ID_IPV4_ADDR_RANGE:
 
-		len = snprintf( buf, BUFLEN, %s-, saddrwop2str(saddr));
+		len = snprintf( buf, BUFLEN, %s-, saddrwop2str(saddr));
 
 #ifndef __linux__
-		saddr.sa_len = sizeof(struct sockaddr_in);
+		saddr-sa_len = sizeof(struct sockaddr_in);
 #endif
-		saddr.sa_family = AF_INET;
-		((struct sockaddr_in *)saddr)-sin_port = IPSEC_PORT_ANY;
-		memcpy(((struct sockaddr_in *)saddr)-sin_addr,
+		saddr-sa_family = AF_INET;
+		saddr_in-sin_port = IPSEC_PORT_ANY;
+		memcpy(saddr_in-sin_addr,
 			id-v + sizeof(*id_b) + sizeof(struct in_addr),
 			sizeof(struct in_addr));
 
-		len += snprintf( buf + len, BUFLEN - len, %s, saddrwop2str(saddr));
+		len += snprintf( buf + len, BUFLEN - len, %s, saddrwop2str(saddr));
 
 		break;
 
 #ifdef INET6
 	case IPSECDOI_ID_IPV6_ADDR_RANGE:
 
-		len = snprintf( buf, BUFLEN, %s-, saddrwop2str(saddr));
+		len = snprintf( buf, BUFLEN, %s-, saddrwop2str(saddr));
 
 #ifndef __linux__
-		saddr.sa_len = sizeof(struct sockaddr_in6);
+		saddr-sa_len = sizeof(struct sockaddr_in6);
 #endif
-		saddr.sa_family = AF_INET6;
-		((struct sockaddr_in6 *)saddr)-sin6_port = IPSEC_PORT_ANY;
-		memcpy(((struct sockaddr_in6 *)saddr)-sin6_addr,
+		saddr-sa_family = AF_INET6;
+		saddr_in6-sin6_port = IPSEC_PORT_ANY;
+		memcpy(saddr_in6-sin6_addr,
 			id-v + sizeof(*id_b) + sizeof(struct in6_addr),
 			sizeof(struct in6_addr));
+		saddr_in6-sin6_scope_id =
+			(IN6_IS_ADDR_LINKLOCAL(saddr_in6-sin6_addr)
+? ((struct sockaddr_in6 *)id_b)-sin6_scope_id
+: 0);
 
-		len += snprintf( buf + len, BUFLEN - len, %s, saddrwop2str(saddr));
+		len += snprintf( buf + len, BUFLEN - len, %s, saddrwop2str(saddr));
 
 		break;
 #endif



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-05-18 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon May 18 17:01:07 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
nattraversal.c

Log Message:
From Tomas Mraz: Fix natt_flags check.


To generate a diff of this commit:
cvs rdiff -u -r1.6.6.1 -r1.6.6.2 \
src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.6.6.1 src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.6.6.2
--- src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.6.6.1	Mon Apr 20 13:27:12 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c	Mon May 18 17:01:07 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: nattraversal.c,v 1.6.6.1 2009/04/20 13:27:12 tteras Exp $	*/
+/*	$NetBSD: nattraversal.c,v 1.6.6.2 2009/05/18 17:01:07 tteras Exp $	*/
 
 /*
  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
@@ -287,7 +287,7 @@
 void
 natt_float_ports (struct ph1handle *iph1)
 {
-	if (! (iph1-natt_flags  NAT_DETECTED) )
+	if (! (iph1-natt_flags  NAT_DETECTED) )
 		return;
 	if (! iph1-natt_options-float_port){
 		/* Drafts 00 / 01, just schedule keepalive */



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-05-18 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon May 18 17:07:47 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
isakmp_inf.c

Log Message:
From Tomas Mraz: Remove variable that is not really used; only referenced
while uninitialized causing valgrind error.


To generate a diff of this commit:
cvs rdiff -u -r1.14.4.16 -r1.14.4.17 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.16 src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.17
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.16	Mon Apr 20 13:35:36 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c	Mon May 18 17:07:46 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_inf.c,v 1.14.4.16 2009/04/20 13:35:36 tteras Exp $	*/
+/*	$NetBSD: isakmp_inf.c,v 1.14.4.17 2009/05/18 17:07:46 tteras Exp $	*/
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -136,7 +136,6 @@
 	struct isakmp_gen *nd;
 	u_int8_t np;
 	int encrypted;
-	int flag;
 
 	plog(LLV_DEBUG, LOCATION, NULL, receive Information.\n);
 
@@ -313,11 +312,8 @@
 received unexpected payload type %s.\n,
 s_isakmp_nptype(gen-np));
 		}
-		if(error  0) {
+		if (error  0)
 			break;
-		} else {
-			flag |= error;
-		}
 	}
 end:
 	if (msg != NULL)



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-04-29 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Wed Apr 29 10:50:25 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
crypto_openssl.c

Log Message:
From Ross Meng: Fix a memory leak in X509 certificate validation.


To generate a diff of this commit:
cvs rdiff -u -r1.11.6.5 -r1.11.6.6 \
src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.11.6.5 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.11.6.6
--- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.11.6.5	Mon Apr 20 13:33:30 2009
+++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c	Wed Apr 29 10:50:25 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: crypto_openssl.c,v 1.11.6.5 2009/04/20 13:33:30 tteras Exp $	*/
+/*	$NetBSD: crypto_openssl.c,v 1.11.6.6 2009/04/29 10:50:25 tteras Exp $	*/
 
 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
 
@@ -486,7 +486,7 @@
 	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
 #endif
 	error = X509_verify_cert(csc);
-	X509_STORE_CTX_cleanup(csc);
+	X509_STORE_CTX_free(csc);
 
 	/*
 	 * if x509_verify_cert() is successful then the value of error is
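Review bot: After `X509_STORE_CTX_free(csc)` the pointer is dangling, and the rest of the function is outside the hunk. Adding `csc = NULL;` on the next line makes any later use fail immediately instead of touching freed memory. It is also worth confirming that paths which jump past this line on an earlier error free the context too, otherwise the leak this commit fixes remains on those paths.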



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-04-20 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon Apr 20 13:25:28 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
handler.c

Log Message:
From Paul Moore: Phase2 message id's should be unique wrt phase1, not
globally.


To generate a diff of this commit:
cvs rdiff -u -r1.9.6.7 -r1.9.6.8 \
src/crypto/dist/ipsec-tools/src/racoon/handler.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.9.6.7 src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.9.6.8
--- src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.9.6.7	Fri Jan 11 14:12:00 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c	Mon Apr 20 13:25:27 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: handler.c,v 1.9.6.7 2008/01/11 14:12:00 vanhu Exp $	*/
+/*	$NetBSD: handler.c,v 1.9.6.8 2009/04/20 13:25:27 tteras Exp $	*/
 
 /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
 
@@ -479,7 +479,7 @@
 	struct ph2handle *p;
 
 	LIST_FOREACH(p, ph2tree, chain) {
-		if (p-msgid == msgid)
+		if (p-msgid == msgid  p-ph1 == iph1)
 			return p;
 	}
 
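Review bot: The lookup now depends on `iph1` as well as `msgid`, but nothing in the visible code says so. A comment above the loop, for example `/* msgid is unique only within a phase 1, so match the owning handle too */`, would document the new contract. Callers that pass a NULL `iph1`, if any exist, will now match only handles whose `ph1` is also NULL; the function signature and its callers are outside the hunk.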



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-04-20 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon Apr 20 13:27:12 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
nattraversal.c

Log Message:
Fix a memory leak in nat-t keepalive code.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.6.1 \
src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.6.6.1
--- src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c:1.6	Sat Sep  9 16:22:09 2006
+++ src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c	Mon Apr 20 13:27:12 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: nattraversal.c,v 1.6 2006/09/09 16:22:09 manu Exp $	*/
+/*	$NetBSD: nattraversal.c,v 1.6.6.1 2009/04/20 13:27:12 tteras Exp $	*/
 
 /*
  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
@@ -319,6 +319,15 @@
   iph1-natt_flags |= NAT_ANNOUNCED;
 }
 
+static void
+natt_keepalive_delete (struct natt_ka_addrs *ka)
+{
+  TAILQ_REMOVE (ka_tree, ka, chain);
+  racoon_free (ka-src);
+  racoon_free (ka-dst);
+  racoon_free (ka);
+}
+
 /* NAT keepalive functions */
 static void
 natt_keepalive_send (void *param)
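Review bot: `natt_keepalive_delete` has no comment stating that a keepalive entry owns its `src` and `dst` addresses, which is the assumption that makes the two extra `racoon_free` calls correct. A one-line header such as `/* Unlink ka from ka_tree and free it together with the src/dst copies it owns */` would record that. If an entry were ever inserted with addresses borrowed from another structure, this helper would free memory it does not own, so the insertion code, which is outside the hunk, should be checked against that assumption.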
@@ -333,8 +342,7 @@
 
 s = getsockmyaddr(ka-src);
 if (s == -1) {
-  TAILQ_REMOVE (ka_tree, ka, chain);
-  racoon_free (ka);
+  natt_keepalive_delete(ka);
   continue;
 }
 plog (LLV_DEBUG, LOCATION, NULL, KA: %s\n, 
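Review bot: `natt_keepalive_delete(ka)` frees the current entry and the code then executes `continue`, so the loop must not read `ka` to find its successor. The loop header is outside the hunk; confirm that it saves the next element before the body runs, as the `iph2_next` loop in handler.c does. The same applies to the removal in the following hunk, where the existing comment says traversal continues after the delete.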
@@ -435,8 +443,7 @@
 
   plog (LLV_DEBUG, LOCATION, NULL, KA removing this one...\n);
 
-  TAILQ_REMOVE (ka_tree, ka, chain);
-  racoon_free (ka);
+  natt_keepalive_delete (ka);
   /* Should we break here? Every pair of addresses should 
  be inserted only once, but who knows :-) Lets traverse 
 	 the whole list... */



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-04-20 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon Apr 20 13:32:57 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
admin.c racoonctl.c

Log Message:
Originally from Bin Li: Fix a crash with racoonctl logout user.


To generate a diff of this commit:
cvs rdiff -u -r1.17.6.2 -r1.17.6.3 \
src/crypto/dist/ipsec-tools/src/racoon/admin.c
cvs rdiff -u -r1.7.6.1 -r1.7.6.2 \
src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.17.6.2 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.17.6.3
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.17.6.2	Wed Jun 18 07:30:19 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c	Mon Apr 20 13:32:57 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: admin.c,v 1.17.6.2 2008/06/18 07:30:19 mgrooms Exp $	*/
+/*	$NetBSD: admin.c,v 1.17.6.3 2009/04/20 13:32:57 tteras Exp $	*/
 
 /* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
 
@@ -307,16 +307,18 @@
 #ifdef ENABLE_HYBRID
 	case ADMIN_LOGOUT_USER: {
 		struct ph1handle *iph1;
-		char *user;
-		int found = 0;
+		char user[LOGINLEN+1];
+		int found = 0, len = com-ac_len - sizeof(com);
 
-		if (com-ac_len  sizeof(com) + LOGINLEN + 1) {
+		if (len  LOGINLEN) {
 			plog(LLV_ERROR, LOCATION, NULL,
 			malformed message (login too long)\n);
 			break;
 		}
 
-		user = (char *)(com + 1);
+		memcpy(user, (char *)(com + 1), len);
+		user[len] = 0;
+
 		found = purgeph1bylogin(user);
 		plog(LLV_INFO, LOCATION, NULL, 
 		deleted %d SA for user \%s\\n, found, user);
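Review bot: `len` is a signed `int` computed as `com->ac_len - sizeof(com)` and only its upper bound is tested, so a message whose `ac_len` is smaller than the subtracted size typically yields a negative `len` that passes the check and is then converted to a very large size in `memcpy(user, ..., len)`. `sizeof(com)` is also the size of the pointer, not of the header that `com + 1` skips; `sizeof(*com)` is what matches. A guard such as `if (com->ac_len < sizeof(*com) || com->ac_len - sizeof(*com) > LOGINLEN)` before computing `len` closes both gaps. Whether an earlier check in the function, which is outside the hunk, already rejects short messages cannot be seen from here.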

Index: src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.7.6.1 src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.7.6.2
--- src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c:1.7.6.1	Tue Jul 15 00:55:48 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c	Mon Apr 20 13:32:57 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: racoonctl.c,v 1.7.6.1 2008/07/15 00:55:48 mgrooms Exp $	*/
+/*	$NetBSD: racoonctl.c,v 1.7.6.2 2009/04/20 13:32:57 tteras Exp $	*/
 
 /*	Id: racoonctl.c,v 1.11 2006/04/06 17:06:25 manubsd Exp */
 
@@ -834,15 +834,17 @@
 	vchar_t *buf;
 	struct admin_com *head;
 	char *user;
+	size_t userlen;
 
 	/* need username */
 	if (ac  1)
 		errx(1, insufficient arguments);
 	user = av[0];
-	if ((user == NULL) || (strlen(user)  LOGINLEN))
+	userlen = strlen(user);
+	if ((user == NULL) || (userlen  LOGINLEN))
 		errx(1, bad login (too long?));
 
-	buf = vmalloc(sizeof(*head) + strlen(user) + 1);
+	buf = vmalloc(sizeof(*head) + userlen);
 	if (buf == NULL)
 		return NULL;
 
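Review bot: `userlen = strlen(user)` now runs before the `user == NULL` test, so the NULL check can no longer protect the `strlen` call and is dead code. Fold the length computation into the condition so the original order is preserved: `if (user == NULL || (userlen = strlen(user)) > LOGINLEN)`. The function starts outside the hunk.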
@@ -852,7 +854,7 @@
 	head-ac_errno = 0;
 	head-ac_proto = 0;
 
-	strncpy((char *)(head + 1), user, LOGINLEN);
+	strncpy((char *)(head + 1), user, userlen);
 
 	return buf;
 }
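Review bot: `strncpy((char *)(head + 1), user, userlen)` copies exactly `userlen` bytes and never writes a terminator, which is the intent now that the buffer is sized without the trailing NUL, but `strncpy` suggests string semantics to a reader. `memcpy((char *)(head + 1), user, userlen);` states what happens. A comment such as `/* login is sent unterminated; the receiver adds the NUL */` would tie this to the admin.c side of the change.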



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-04-20 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon Apr 20 13:33:30 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
crypto_openssl.c

Log Message:
From Stephen Bevan: Fix a x509 signature verification memory leak.


To generate a diff of this commit:
cvs rdiff -u -r1.11.6.4 -r1.11.6.5 \
src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.11.6.4 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.11.6.5
--- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.11.6.4	Tue Jul 15 00:55:48 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c	Mon Apr 20 13:33:30 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: crypto_openssl.c,v 1.11.6.4 2008/07/15 00:55:48 mgrooms Exp $	*/
+/*	$NetBSD: crypto_openssl.c,v 1.11.6.5 2009/04/20 13:33:30 tteras Exp $	*/
 
 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
 
@@ -901,12 +901,14 @@
 	evp = X509_get_pubkey(x509);
 	if (! evp) {
 		plog(LLV_ERROR, LOCATION, NULL, X509_get_pubkey(): %s\n, eay_strerror());
+		X509_free(x509);
 		return -1;
 	}
 
 	res = eay_rsa_verify(source, sig, evp-pkey.rsa);
 
 	EVP_PKEY_free(evp);
+	X509_free(x509);
 
 	return res;
 }
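Review bot: `evp->pkey.rsa` is passed to `eay_rsa_verify` without any check in the visible lines that the certificate's public key is an RSA key, so a certificate carrying another key type would have a different union member read as an RSA pointer. If no earlier check exists in the part of the function outside the hunk, test the key type after `X509_get_pubkey` and take the same error path, releasing both `evp` and `x509`. With a third exit, the two `X509_free` calls would be better placed behind a single cleanup label.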



CVS commit: [ipsec-tools-0_7-branch] src/crypto/dist/ipsec-tools/src/racoon

2009-04-20 Thread Timo Ter�s
Module Name:src
Committed By:   tteras
Date:   Mon Apr 20 13:35:36 UTC 2009

Modified Files:
src/crypto/dist/ipsec-tools/src/racoon [ipsec-tools-0_7-branch]:
isakmp_inf.c isakmp_xauth.c plog.c

Log Message:
Originally from Bin Li: Fix possible memory corruption in binsanitize().


To generate a diff of this commit:
cvs rdiff -u -r1.14.4.15 -r1.14.4.16 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
cvs rdiff -u -r1.11.6.1 -r1.11.6.2 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
cvs rdiff -u -r1.4.6.1 -r1.4.6.2 \
src/crypto/dist/ipsec-tools/src/racoon/plog.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.15 src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.16
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c:1.14.4.15	Wed Sep 17 12:49:50 2008
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c	Mon Apr 20 13:35:36 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_inf.c,v 1.14.4.15 2008/09/17 12:49:50 vanhu Exp $	*/
+/*	$NetBSD: isakmp_inf.c,v 1.14.4.16 2009/04/20 13:35:36 tteras Exp $	*/
 
 /* Id: isakmp_inf.c,v 1.44 2006/05/06 20:45:52 manubsd Exp */
 
@@ -339,8 +339,7 @@
 {
 	u_int type;
 	vchar_t *pbuf;
-	vchar_t *ndata;
-	char *nraw;
+	char *nraw, *ndata;
 	size_t l;
 	char *spi;
 
@@ -430,12 +429,12 @@
 		if (l  0) {
 			nraw = (char*)notify;	
 			nraw += sizeof(*notify) + notify-spi_size;
-			if ((ndata = vmalloc(l)) != NULL) {
-memcpy(ndata-v, nraw, ndata-l);
+			ndata = binsanitize(nraw, l);
+			if (ndata != NULL) {
 plog(LLV_ERROR, LOCATION, iph1-remote,
 Message: '%s'.\n, 
-binsanitize(ndata-v, ndata-l));
-vfree(ndata);
+ndata);
+racoon_free(ndata);
 			} else {
 plog(LLV_ERROR, LOCATION, iph1-remote,
 Cannot allocate memory\n);
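Review bot: The new `else` branch reports an allocation failure when `binsanitize` returns NULL, but the visible start of the rewritten `binsanitize` in plog.c enters its loop and stores through `d` straight after `d = racoon_malloc(n + 1);`, with no NULL test in between. As shown, an allocation failure would fault inside `binsanitize` before this caller's check is reached; `if (d == NULL) return NULL;` after the allocation would make the callers' handling effective. The rest of that function is cut off on this page, so a later check cannot be ruled out, though it would come after the first write. The two XAUTH callers in isakmp_xauth.c depend on the same behaviour.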

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.11.6.1 src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.11.6.2
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c:1.11.6.1	Tue Aug  7 04:49:24 2007
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_xauth.c	Mon Apr 20 13:35:36 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp_xauth.c,v 1.11.6.1 2007/08/07 04:49:24 manu Exp $	*/
+/*	$NetBSD: isakmp_xauth.c,v 1.11.6.2 2009/04/20 13:35:36 tteras Exp $	*/
 
 /* Id: isakmp_xauth.c,v 1.38 2006/08/22 18:17:17 manubsd Exp */
 
@@ -1372,8 +1372,7 @@
 	int ashort = 0;
 	int value = 0;
 	vchar_t *buffer = NULL;
-	char* mraw = NULL;
-	vchar_t *mdata = NULL;
+	char *mraw = NULL, *mdata;
 	char *data;
 	vchar_t *usr = NULL;
 	vchar_t *pwd = NULL;
@@ -1460,16 +1459,16 @@
 			dlen = ntohs(attr-lorv);
 			if (dlen  0) {
 mraw = (char*)(attr + 1);
-if ((mdata = vmalloc(dlen)) == NULL) {
+mdata = binsanitize(mraw, dlen);
+if (mdata == NULL) {
 	plog(LLV_ERROR, LOCATION, iph1-remote,
 	Cannot allocate memory\n);
 	return NULL;
 }
-memcpy(mdata-v, mraw, mdata-l);
 plog(LLV_NOTIFY,LOCATION, iph1-remote,
 	XAUTH Message: '%s'.\n,
-	binsanitize(mdata-v, mdata-l));
-vfree(mdata);
+	mdata);
+racoon_free(mdata);
 			}
 		}
 		return NULL;
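Review bot: `dlen` is taken from the peer-supplied attribute header with `ntohs(attr->lorv)` and handed to `binsanitize(mraw, dlen)`, and the hunk shows no comparison of `dlen` against the number of bytes actually remaining after `attr`. If the enclosing code, which is outside the hunk, does not already bound it, a declared length larger than the payload makes the sanitiser read past the received buffer. A check before the call, of the form `if (dlen > remaining) return NULL;` where `remaining` stands for whatever length the caller tracks, together with a logged error, would cover this. The second XAUTH hunk below has the same pattern.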
@@ -1529,8 +1528,7 @@
 	char *data;
 	struct xauth_state *xst;
 	size_t dlen = 0;
-	char* mraw = NULL;
-	vchar_t *mdata = NULL;
+	char* mraw = NULL, *mdata;
 
 	if ((iph1-mode_cfg-flags  ISAKMP_CFG_VENDORID_XAUTH) == 0) {
 		plog(LLV_ERROR, LOCATION, NULL, 
@@ -1587,16 +1585,16 @@
 			dlen = ntohs(attr-lorv);
 			if (dlen  0) {
 mraw = (char*)(attr + 1);
-if ((mdata = vmalloc(dlen)) == NULL) {
+mdata = binsanitize(mraw, dlen);
+if (mdata == NULL) {
 	plog(LLV_ERROR, LOCATION, iph1-remote,
 	Cannot allocate memory\n);
 	return NULL;
 }
-memcpy(mdata-v, mraw, mdata-l);
 plog(LLV_NOTIFY,LOCATION, iph1-remote,
 	XAUTH Message: '%s'.\n,
-	binsanitize(mdata-v, mdata-l));
-vfree(mdata);
+	mdata);
+racoon_free(mdata);
 			}
 		}
 

Index: src/crypto/dist/ipsec-tools/src/racoon/plog.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.4.6.1 src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.4.6.2
--- src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.4.6.1	Tue Nov  6 16:41:27 2007
+++ src/crypto/dist/ipsec-tools/src/racoon/plog.c	Mon Apr 20 13:35:36 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: plog.c,v 1.4.6.1 2007/11/06 16:41:27 vanhu Exp $	*/
+/*	$NetBSD: plog.c,v 1.4.6.2 2009/04/20 13:35:36 tteras Exp $	*/
 
 /* Id: plog.c,v 1.11 2006/06/20 09:57:31 vanhu Exp */
 
@@ -251,15 +251,18 @@
 {
 	int p,q;
 	char* d;
+
+	d = racoon_malloc(n + 1);
 	for (p = 0, q = 0; p  n; p++) {
- if (isgraph((int)binstr[p])) {
-			binstr[q++] = binstr[p];
+		if (isgraph((int)binstr[p])) {
+			d[q++] = binstr[p];
 		} else {
-			if (q  binstr[q - 1] != ' ')
-