Module Name:    src
Committed By:   vanhu
Date:           Thu Mar 17 14:39:07 UTC 2011

Modified Files:
        src/crypto/dist/ipsec-tools/src/racoon: oakley.c

Log Message:
free name later, to avoid a memory use after free in oakley_check_certid(). 
also give iph1->remote to some plog() calls. patch by Roman Hoog Antink 
<r...@open.ch>


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/racoon/oakley.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.20 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.21
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.20	Thu Mar 17 14:35:24 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c	Thu Mar 17 14:39:06 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: oakley.c,v 1.20 2011/03/17 14:35:24 vanhu Exp $	*/
+/*	$NetBSD: oakley.c,v 1.21 2011/03/17 14:39:06 vanhu Exp $	*/
 
 /* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
 
@@ -1791,7 +1791,7 @@
 		return 0;
 
 	if (iph1->id_p == NULL || iph1->cert_p == NULL) {
-		plog(LLV_ERROR, LOCATION, NULL, "no ID nor CERT found.\n");
+		plog(LLV_ERROR, LOCATION, iph1->remote, "no ID nor CERT found.\n");
 		return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
 	}
 
@@ -1802,26 +1802,28 @@
 	case IPSECDOI_ID_DER_ASN1_DN:
 		name = eay_get_x509asn1subjectname(iph1->cert_p);
 		if (!name) {
-			plog(LLV_ERROR, LOCATION, NULL,
+			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"failed to get subjectName\n");
 			return ISAKMP_NTYPE_INVALID_CERTIFICATE;
 		}
 		if (idlen != name->l) {
-			plog(LLV_ERROR, LOCATION, NULL,
+			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"Invalid ID length in phase 1.\n");
 			vfree(name);
 			return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
 		}
 		error = memcmp(id_b + 1, name->v, idlen);
-		vfree(name);
 		if (error != 0) {
-			plog(LLV_ERROR, LOCATION, NULL,
+			plog(LLV_ERROR, LOCATION, iph1->remote,
 				"ID mismatched with ASN1 SubjectName.\n");
 			plogdump(LLV_DEBUG, id_b + 1, idlen);
 			plogdump(LLV_DEBUG, name->v, idlen);
-			if (iph1->rmconf->verify_identifier)
+			if (iph1->rmconf->verify_identifier) {
+				vfree(name);
 				return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
+			}
 		}
+		vfree(name);
 		return 0;
 	case IPSECDOI_ID_IPV4_ADDR:
 	case IPSECDOI_ID_IPV6_ADDR:
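Review bot: The final `vfree(name)` before `return 0` carries no comment explaining why it sits after the mismatch branch, yet that ordering is the whole fix: `plogdump(LLV_DEBUG, name->v, idlen)` still reads the buffer, so moving the free back above the `if (error != 0)` block would restore the use after free. I would add `/* name is still read by plogdump() above; free only on the way out */` above that line. The same branch returns 0 on a subjectName mismatch whenever `iph1->rmconf->verify_identifier` is unset, so the LLV_ERROR message is only advisory in that configuration; a comment such as `/* mismatch is tolerated unless verify_identifier is set */` would make that explicit. The enclosing function starts and ends outside the hunk, so the other ID-type cases could not be checked for the same free-before-use pattern.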
