CVS commit: src/crypto/dist/ipsec-tools/src/racoon

Fri, 11 Mar 2011 06:30:20 -0800 

Module Name:    src
Committed By:   vanhu
Date:           Fri Mar 11 14:30:07 UTC 2011

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: handler.c isakmp.c

Log Message:
directly delete a ph1 in remove_ph1-) instead of scheduling it, to avoid 
(completely ?) a race condition when reloading configuration


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/crypto/dist/ipsec-tools/src/racoon/handler.c
cvs rdiff -u -r1.68 -r1.69 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.35 src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.36
--- src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.35	Tue Dec 28 06:00:18 2010
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c	Fri Mar 11 14:30:07 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: handler.c,v 1.35 2010/12/28 06:00:18 tteras Exp $	*/
+/*	$NetBSD: handler.c,v 1.36 2011/03/11 14:30:07 vanhu Exp $	*/
 
 /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
 
@@ -1447,6 +1447,7 @@
 		 * - delete SPIs in kernel
 		 * - delete generated SPD
 		 * - unbind / rem / del ph2
+		 * - XXX shoudld also send a delete-sa !?
 		 */
 		purge_ipsec_spi(iph2->dst, iph2->approval->head->proto_id,
 						spis, 2);
@@ -1474,7 +1475,11 @@
 		isakmp_info_send_d1(iph1);
 	}
 	iph1->status = PHASE1ST_EXPIRED;
-	sched_schedule(&iph1->sce, 1, isakmp_ph1delete_stub);
+	/* directly call isakmp_ph1delete to avoid as possible a race
+	 * condition where we'll try to access iph1->rmconf after it has
+	 * freed
+	 */
+	isakmp_ph1delete(iph1);
 }
 
 

Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.68 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.69
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.68	Tue Mar  1 14:33:58 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c	Fri Mar 11 14:30:07 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: isakmp.c,v 1.68 2011/03/01 14:33:58 vanhu Exp $	*/
+/*	$NetBSD: isakmp.c,v 1.69 2011/03/11 14:30:07 vanhu Exp $	*/
 
 /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
 
@@ -2048,6 +2048,9 @@
 		next = LIST_NEXT(p, ph1bind);
 		if (p->status >= PHASE2ST_ESTABLISHED)
 			unbindph12(p);
+		/* Should we also remove non established ph2
+		 * handles, as we just invalidated ph1handle ?
+		 */
 	}
 
 	if (LIST_FIRST(&iph1->ph2tree) != NULL) {

Reply via email to