1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
2 --- a/src/racoon/crypto_openssl.c
3 +++ b/src/racoon/crypto_openssl.c
4 @@ -900,12 +900,14 @@ eay_check_x509sign(source, sig, cert)
5 evp = X509_get_pubkey(x509);
7 plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
12 res = eay_rsa_verify(source, sig, evp->pkey.rsa);
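Review bot: `evp->pkey.rsa` is passed to eay_rsa_verify() with no check visible here that the certificate's public key is actually RSA. `pkey` is a union, so a certificate carrying another key type would be handed on as an RSA structure. Several lines between the X509_get_pubkey() error path and this call are not shown on this page, so the check may already exist there. If it does not, fetch the key with `rsa = EVP_PKEY_get1_RSA(evp);`, fail when that returns NULL, and call `RSA_free(rsa)` after verification. Also confirm that the caller-owned reference from X509_get_pubkey() is released with `EVP_PKEY_free(evp)` on every exit after this point, not only on success.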
19 --- a/src/racoon/nattraversal.c
20 +++ b/src/racoon/nattraversal.c
21 @@ -319,6 +319,15 @@ natt_handle_vendorid (struct ph1handle *
22 iph1->natt_flags |= NAT_ANNOUNCED;
26 +natt_keepalive_delete (struct natt_ka_addrs *ka)
28 + TAILQ_REMOVE (&ka_tree, ka, chain);
29 + racoon_free (ka->src);
30 + racoon_free (ka->dst);
34 /* NAT keepalive functions */
36 natt_keepalive_send (void *param)
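Review bot: The new natt_keepalive_delete() has no comment stating what it owns. Callers need to know that `ka` is unusable once it returns, so I would add `/* Unlink ka from ka_tree and release it together with its src/dst addresses; ka is invalid on return. */` above it. The line after `racoon_free (ka->dst);` is not shown on this page; confirm that it releases `ka` itself, otherwise the node leaks on every removal. The return-type line is not visible either; if the helper is only used in this file it should be declared `static`.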
37 @@ -333,8 +342,7 @@ natt_keepalive_send (void *param)
39 s = getsockmyaddr(ka->src);
41 - TAILQ_REMOVE (&ka_tree, ka, chain);
43 + natt_keepalive_delete(ka);
46 plog (LLV_DEBUG, LOCATION, NULL, "KA: %s\n",
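Review bot: After `natt_keepalive_delete(ka);` the entry and its addresses are freed, so the traversal in natt_keepalive_send must not read `ka` to advance. The loop header is outside this hunk; confirm that it saves the successor first, e.g. `next = TAILQ_NEXT(ka, chain);`, before the body can reach this call. The same applies to the call in natt_keepalive_remove, whose comment says the list keeps being traversed after a removal. As a style point, this call omits the space before the parenthesis that the rest of the file uses, including the other new call, `natt_keepalive_delete (ka);`.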
47 @@ -435,8 +443,7 @@ natt_keepalive_remove (struct sockaddr *
49 plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n");
51 - TAILQ_REMOVE (&ka_tree, ka, chain);
53 + natt_keepalive_delete (ka);
54 /* Should we break here? Every pair of addresses should
55 be inserted only once, but who knows :-) Lets traverse