Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
ipsec-tools
fix-ph1-leak.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fix-ph1-leak.patch of Package ipsec-tools
Subject: Fix a memory leak in PH1 References: bnc#416906, CVE-2008-3652 Upstream: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c.diff?r1=1.20.6.11&r2=1.20.6.12&f=h =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v retrieving revision 1.20.6.11 retrieving revision 1.20.6.12 diff -u -p -r1.20.6.11 -r1.20.6.12 --- a/src/racoon/isakmp.c 2008/07/11 08:08:41 1.20.6.11 +++ b/src/racoon/isakmp.c 2008/08/12 12:47:07 1.20.6.12 @@ -1,4 +1,4 @@ -/* $NetBSD: isakmp.c,v 1.20.6.11 2008/07/11 08:08:41 tteras Exp $ */ +/* $NetBSD: isakmp.c,v 1.20.6.12 2008/08/12 12:47:07 vanhu Exp $ */ /* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */ @@ -798,20 +798,24 @@ ph1_main(iph1, msg) [iph1->side] [iph1->status])(iph1, msg); if (error != 0) { -#if 0 + /* XXX * When an invalid packet is received on phase1, it should * be selected to process this packet. That is to respond * with a notify and delete phase 1 handler, OR not to respond - * and keep phase 1 handler. + * and keep phase 1 handler. However, in PHASE1ST_START when + * acting as RESPONDER we must not keep phase 1 handler or else + * it will stay forever. */ - plog(LLV_ERROR, LOCATION, iph1->remote, - "failed to pre-process packet.\n"); - return -1; -#else - /* ignore the error and keep phase 1 handler */ - return 0; -#endif + + if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) { + plog(LLV_ERROR, LOCATION, iph1->remote, + "failed to pre-process packet.\n"); + return -1; + } else { + /* ignore the error and keep phase 1 handler */ + return 0; + } } #ifndef ENABLE_FRAG
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor