From 37ce25f4a9b320ab896bd0b43a131355fb9b495e Mon Sep 17 00:00:00 2001
From: markus
Date: Fri, 9 May 2014 06:29:46 +0000
Subject: [PATCH] replace iked_transform pointer with xform id, since target of pointer might be freed (e.g. on ike sa rekey); ok mikeb@
---
 sbin/iked/iked.h | 6 +++---
 sbin/iked/ikev2.c | 8 +++++---
 sbin/iked/pfkey.c | 14 +++++++-------
 3 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 34d8204ad2b..a1665f07aec 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.79 2014/05/08 13:11:16 blambert Exp $ */
+/* $OpenBSD: iked.h,v 1.80 2014/05/09 06:29:46 markus Exp $ */
 
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -174,10 +174,10 @@ struct iked_childsa {
 struct iked_spi csa_spi;
 
 struct ibuf *csa_encrkey; /* encryption key */
- struct iked_transform *csa_encrxf; /* encryption xform */
+ u_int16_t csa_encrid; /* encryption xform id */
 
 struct ibuf *csa_integrkey; /* auth key */
- struct iked_transform *csa_integrxf; /* auth xform */
+ u_int16_t csa_integrid; /* auth xform id */
 
 struct iked_id *csa_srcid;
 struct iked_id *csa_dstid;
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 888b09bbe8a..37feb432a82 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.110 2014/05/07 12:57:13 markus Exp $ */
+/* $OpenBSD: ikev2.c,v 1.111 2014/05/09 06:29:46 markus Exp $ */
 
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -4372,8 +4372,10 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
 childsa_free(csa);
 goto done;
 }
- csa->csa_encrxf = encrxf;
- csa->csa_integrxf = integrxf;
+ if (encrxf)
+ csa->csa_encrid = encrxf->xform_id;
+ if (integrxf)
+ csa->csa_integrid = integrxf->xform_id;
 
 if ((csb = calloc(1, sizeof(*csb))) == NULL) {
 log_debug("%s: failed to get CHILD SA", __func__);
diff --git a/sbin/iked/pfkey.c b/sbin/iked/pfkey.c
index c9b74836ca0..afe2d607829 100644
--- a/sbin/iked/pfkey.c
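Review bot: The new `csa_encrid` and `csa_integrid` fields in `struct iked_childsa` do not say which value stands for "no transform", although the old pointers could be NULL and the pfkey.c part of this patch tests the ids for non-zero. The sentinel belongs at the declaration, e.g. `u_int16_t csa_encrid; /* encryption xform id, 0 if none */` and the same wording for `csa_integrid`. The struct definition starts and ends outside the hunk.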
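Review bot: In ikev2_childsa_negotiate the ids are written only under `if (encrxf)` and `if (integrxf)`, so a NULL transform leaves `csa_encrid` / `csa_integrid` at whatever the allocation of `csa` left there. That is correct only if `csa` is zero-filled when it is allocated, which happens outside this hunk and cannot be confirmed here; a stale value would later be handed to the kernel as an algorithm id. Assigning unconditionally keeps the invariant local: `csa->csa_encrid = encrxf ? encrxf->xform_id : 0;` and `csa->csa_integrid = integrxf ? integrxf->xform_id : 0;`. The function body begins and ends outside the hunk.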
+++ b/sbin/iked/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.35 2014/05/07 13:09:43 markus Exp $ */
+/* $OpenBSD: pfkey.c,v 1.36 2014/05/09 06:29:46 markus Exp $ */
 
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -540,20 +540,20 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, struct iked_childsa *sa)
 ntohs(udpencap.sadb_x_udpencap_port));
 }
 
- if (sa->csa_integrxf)
+ if (sa->csa_integrid)
 if (pfkey_map(pfkey_integr,
- sa->csa_integrxf->xform_id, &sadb.sadb_sa_auth) == -1) {
+ sa->csa_integrid, &sadb.sadb_sa_auth) == -1) {
 log_warnx("%s: unsupported integrity algorithm %s",
- __func__, print_map(sa->csa_integrxf->xform_id,
+ __func__, print_map(sa->csa_integrid,
 ikev2_xformauth_map));
 return (-1);
 }
 
- if (sa->csa_encrxf)
+ if (sa->csa_encrid)
 if (pfkey_map(pfkey_encr,
- sa->csa_encrxf->xform_id, &sadb.sadb_sa_encrypt) == -1) {
+ sa->csa_encrid, &sadb.sadb_sa_encrypt) == -1) {
 log_warnx("%s: unsupported encryption algorithm %s",
- __func__, print_map(sa->csa_encrxf->xform_id,
+ __func__, print_map(sa->csa_encrid,
 ikev2_xformencr_map));
 return (-1);
 }
--
2.20.1
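Review bot: The tests `if (sa->csa_integrid)` and `if (sa->csa_encrid)` in pfkey_sa are not equivalent to the old pointer tests: a negotiated transform whose xform_id is 0 (NONE in the IKEv2 integrity registry) used to reach pfkey_map() and is now skipped. Whether the skipped case ends up as "no algorithm" depends on how `sadb.sadb_sa_auth` and `sadb.sadb_sa_encrypt` are initialised, which is outside this hunk. If skipping is intended, a comment such as `/* id 0 means no transform; sadb_sa_auth keeps its initial value */` above each test would record that. The unbraced outer `if` around a braced inner `if` is also easy to misread; `if (sa->csa_integrid && pfkey_map(pfkey_integr, sa->csa_integrid, &sadb.sadb_sa_auth) == -1) {` says the same in one condition.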