[CVE-2009-1574,CVE-2009-1632] fix DoS vulnerabilities in ipsec-tools
[openwrt/svn-archive/archive.git] / net / ipsec-tools / patches / 902-cve-2009-1632.patch
1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
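--- a/src/racoon/crypto_openssl.c
+++ b/src/racoon/crypto_openssl.c
@@ -900,12 +900,14 @@ eay_check_x509sign(source, sig, cert)
 evp = X509_get_pubkey(x509);
 if (! evp) {
 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
+ X509_free(x509);
 return -1;
 }
 
 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
 
 EVP_PKEY_free(evp);
+ X509_free(x509);
 
 return res;
 }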
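Review bot: `evp->pkey.rsa` is passed to eay_rsa_verify() with no visible check that the certificate's public key is an RSA key, so unless an earlier test outside the hunk guarantees it, a certificate carrying another key type makes this line read the wrong union member. Fetching the key with `rsa = EVP_PKEY_get1_RSA(evp);`, rejecting a NULL result, and calling `RSA_free(rsa)` after the verify would fail cleanly in that case. The two added `X509_free(x509)` calls cover the exits shown here. The function begins outside the hunk, so any earlier return taken after x509 is created should be checked for the same leak.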
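--- a/src/racoon/nattraversal.c
+++ b/src/racoon/nattraversal.c
@@ -319,6 +319,15 @@ natt_handle_vendorid (struct ph1handle *
 iph1->natt_flags |= NAT_ANNOUNCED;
 }
 
+static void
+natt_keepalive_delete (struct natt_ka_addrs *ka)
+{
+ TAILQ_REMOVE (&ka_tree, ka, chain);
+ racoon_free (ka->src);
+ racoon_free (ka->dst);
+ racoon_free (ka);
+}
+
 /* NAT keepalive functions */
 static void
 natt_keepalive_send (void *param)
@@ -333,8 +342,7 @@ natt_keepalive_send (void *param)
 
 s = getsockmyaddr(ka->src);
 if (s == -1) {
- TAILQ_REMOVE (&ka_tree, ka, chain);
- racoon_free (ka);
+ natt_keepalive_delete(ka);
 continue;
 }
 plog (LLV_DEBUG, LOCATION, NULL, "KA: %s\n",
@@ -435,8 +443,7 @@ natt_keepalive_remove (struct sockaddr *
 
 plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n");
 
- TAILQ_REMOVE (&ka_tree, ka, chain);
- racoon_free (ka);
+ natt_keepalive_delete (ka);
 /* Should we break here? Every pair of addresses should
 be inserted only once, but who knows :-) Lets traverse
 the whole list... */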
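Review bot: Both callers of natt_keepalive_delete() go on walking ka_tree after the entry is freed (the `continue` in natt_keepalive_send and the "traverse the whole list" path in natt_keepalive_remove), so each loop must have read the successor before the call. The loop headers are outside these hunks, so this should be confirmed rather than assumed. The new helper has no comment stating that contract; I would add `/* Unlink ka from ka_tree and free it with the src/dst it owns; ka is invalid on return, so callers iterating the list must fetch TAILQ_NEXT first. */` above it. That comment also records that the entry owns `ka->src` and `ka->dst`, which is the assumption the leak fix relies on.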