CVSROOT: /cvs Module name: src Changes by: m...@cvs.openbsd.org 2017/07/18 00:19:07
Modified files:
sbin/isakmpd : ipsec.c
Log message:
Prevent a NULL dereference when comparing incomplete SAs.
This deference can occur because sa_find() is called from a timer and
iterates over all existing `sa'. At that time the corresponding
`finalize_exchange' might not have been called, in which case it is
unsafe to dereference `src_net', `dst_net' & co.
Issue reported by MichaÅ Koc. ok hshoexer@, markus@
