Module Name: src Committed By: vanhu Date: Thu Mar 17 14:39:07 UTC 2011
Modified Files: src/crypto/dist/ipsec-tools/src/racoon: oakley.c Log Message: free name later, to avoid a memory use after free in oakley_check_certid(). also give iph1->remote to some plog() calls. patch by Roman Hoog Antink <r...@open.ch> To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/racoon/oakley.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.20 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.21
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.20 Thu Mar 17 14:35:24 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Thu Mar 17 14:39:06 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: oakley.c,v 1.20 2011/03/17 14:35:24 vanhu Exp $ */
+/* $NetBSD: oakley.c,v 1.21 2011/03/17 14:39:06 vanhu Exp $ */
 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
@@ -1791,7 +1791,7 @@
 return 0;
 if (iph1->id_p == NULL || iph1->cert_p == NULL) {
- plog(LLV_ERROR, LOCATION, NULL, "no ID nor CERT found.\n");
+ plog(LLV_ERROR, LOCATION, iph1->remote, "no ID nor CERT found.\n");
 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
 }
@@ -1802,26 +1802,28 @@
 case IPSECDOI_ID_DER_ASN1_DN:
 name = eay_get_x509asn1subjectname(iph1->cert_p);
 if (!name) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(LLV_ERROR, LOCATION, iph1->remote,
 "failed to get subjectName\n");
 return ISAKMP_NTYPE_INVALID_CERTIFICATE;
 }
 if (idlen != name->l) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(LLV_ERROR, LOCATION, iph1->remote,
 "Invalid ID length in phase 1.\n");
 vfree(name);
 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
 }
 error = memcmp(id_b + 1, name->v, idlen);
- vfree(name);
 if (error != 0) {
- plog(LLV_ERROR, LOCATION, NULL,
+ plog(LLV_ERROR, LOCATION, iph1->remote,
 "ID mismatched with ASN1 SubjectName.\n");
 plogdump(LLV_DEBUG, id_b + 1, idlen);
 plogdump(LLV_DEBUG, name->v, idlen);
- if (iph1->rmconf->verify_identifier)
+ if (iph1->rmconf->verify_identifier) {
+ vfree(name);
 return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
+ }
 }
+ vfree(name);
 return 0;
 case IPSECDOI_ID_IPV4_ADDR:
 case IPSECDOI_ID_IPV6_ADDR:
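Review bot: The `case IPSECDOI_ID_DER_ASN1_DN:` branch in the third hunk now carries three separate `vfree(name)` call sites, and the bug fixed here was exactly a free placed ahead of the later `name->v` read in `plogdump()`, so the ordering remains easy to break again. A single release after the logging block would be more robust: keep one `vfree(name);` directly after the closing brace of `if (error != 0) { ... }` and decide afterwards with `if (error != 0 && iph1->rmconf->verify_identifier) return ISAKMP_NTYPE_INVALID_ID_INFORMATION;`. The fall-through to `return 0` when `verify_identifier` is off also deserves a comment such as `/* mismatch is logged but tolerated when verify_identifier is off */`, because the peer's ID is then accepted even though it does not match the certificate subjectName. The enclosing switch and function start and end outside the hunk.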