File fix-ph1-leak.patch of Package ipsec-tools
Subject: Fix a memory leak in PH1
References: bnc#416906, CVE-2008-3652
Upstream: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c.diff?r1=1.20.6.11&r2=1.20.6.12&f=h
===================================================================
RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
retrieving revision 1.20.6.11
retrieving revision 1.20.6.12
diff -u -p -r1.20.6.11 -r1.20.6.12
--- a/src/racoon/isakmp.c 2008/07/11 08:08:41 1.20.6.11
+++ b/src/racoon/isakmp.c 2008/08/12 12:47:07 1.20.6.12
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.20.6.11 2008/07/11 08:08:41 tteras Exp $ */
+/* $NetBSD: isakmp.c,v 1.20.6.12 2008/08/12 12:47:07 vanhu Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -798,20 +798,24 @@ ph1_main(iph1, msg)
[iph1->side]
[iph1->status])(iph1, msg);
if (error != 0) {
-#if 0
+
/* XXX
* When an invalid packet is received on phase1, it should
* be selected to process this packet. That is to respond
* with a notify and delete phase 1 handler, OR not to respond
- * and keep phase 1 handler.
+ * and keep phase 1 handler. However, in PHASE1ST_START when
+ * acting as RESPONDER we must not keep phase 1 handler or else
+ * it will stay forever.
*/
- plog(LLV_ERROR, LOCATION, iph1->remote,
- "failed to pre-process packet.\n");
- return -1;
-#else
- /* ignore the error and keep phase 1 handler */
- return 0;
-#endif
+
+ if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
+ "failed to pre-process packet.\n");
+ return -1;
+ } else {
+ /* ignore the error and keep phase 1 handler */
+ return 0;
+ }
}
#ifndef ENABLE_FRAG
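Review bot: The new `return -1` for the RESPONDER/PHASE1ST_START case only closes the leak if ph1_main's caller actually removes and frees the phase 1 handler on a negative return; that caller is outside this hunk, so confirm the responder's begin path does so, otherwise the handler still lingers. Every other side/state combination still swallows the error with `return 0`, which presumably relies on the handler's expiry timer to reclaim it; a short comment such as `/* other states are reclaimed when the handler expires */` next to the `else` would make that asymmetry visibly intentional. The retained message `"failed to pre-process packet.\n"` is misleading here because the failure comes from the state handler itself, so `"failed to process phase 1 packet in start state.\n"` would be accurate. The `else` after an unconditional `return -1` is redundant and could be dropped. ph1_main's body continues outside the hunk.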