NetBSD Problem Report #54020

From www@NetBSD.org  Tue Feb 26 21:38:11 2019
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 9CBF37A14F
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 26 Feb 2019 21:38:11 +0000 (UTC)
Message-Id: <20190226213810.C0DDB7A1DA@mollari.NetBSD.org>
Date: Tue, 26 Feb 2019 21:38:10 +0000 (UTC)
From: mail@maciej.szmigiero.name
Reply-To: mail@maciej.szmigiero.name
To: gnats-bugs@NetBSD.org
Subject: three patches for ipsec-tools
X-Send-Pr-Version: www-1.0

>Number:         54020
>Category:       misc
>Synopsis:       three patches for ipsec-tools
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 26 21:40:00 +0000 2019
>Originator:     Maciej S. Szmigiero
>Release:        
>Organization:
>Environment:
>Description:
I am attaching three patches for ipsec-tools (crypto/dist/ipsec-tools),
since NetBSD is now this package's upstream.

The first one fixes freeing an uninitialized pointer in binbuf_pubkey2rsa()
on the error path.

If we take the first error path (the one where the decoded string doesn't
make sense) in binbuf_pubkey2rsa() we call BN_free() on "exp" so we have
to make sure that we NULL-initialize it.

The second one fixes the ipsec-tools Linux build, a configuration that some
of the recent code changes have broken.

The third one makes racoon use CLOCK_BOOTTIME for measuring time, if
this clock is available.

The difference between CLOCK_BOOTTIME and CLOCK_MONOTONIC is that
CLOCK_MONOTONIC stops when the machine is sleeping.

The Linux kernel uses CLOCK_BOOTTIME for measuring things like SA expiry times.
We should do likewise, so we don't get a different view than the kernel and
our peers of when exactly our SAs expire when the machine gets suspended and
then resumed.

>How-To-Repeat:

>Fix:
The three patches are available at:
https://gist.github.com/maciejsszmigiero/47e200b64335e90ef275440988b89a12
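
The clock selection described for the third patch, as an added example that is not taken from the patches or from racoon: it prefers CLOCK_BOOTTIME when it exists at build time and works at run time, falls back to CLOCK_MONOTONIC otherwise, and judges SA expiry from elapsed time on that one clock. The names sa_timer, sa_clock_id, sa_now and sa_expired_at are hypothetical, and the readings in main() are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <time.h>

/* Hypothetical helper names; not taken from racoon or from the patches. */
struct sa_timer { time_t created; time_t lifetime; };

/* Choose the clock once: CLOCK_BOOTTIME if it exists at build time and the
 * running kernel accepts it, otherwise fall back to CLOCK_MONOTONIC. */
clockid_t sa_clock_id(void)
{
    static int chosen;
    static clockid_t id;
    if (!chosen) {
        id = CLOCK_MONOTONIC;
#ifdef CLOCK_BOOTTIME
        struct timespec probe;
        if (clock_gettime(CLOCK_BOOTTIME, &probe) == 0)
            id = CLOCK_BOOTTIME;
#endif
        chosen = 1;
    }
    return id;
}

/* Whole seconds on the chosen clock, or (time_t)-1 if the call fails. */
time_t sa_now(void)
{
    struct timespec ts;
    return clock_gettime(sa_clock_id(), &ts) == 0 ? ts.tv_sec : (time_t)-1;
}

/* Expired once lifetime seconds have elapsed; a failed reading fails closed. */
int sa_expired_at(const struct sa_timer *t, time_t now)
{
    return now == (time_t)-1 || now - t->created >= t->lifetime;
}

int main(void)
{
    /* Constructed readings: SA created at t=1000 s with a 3600 s lifetime,
     * then 1800 s awake plus 7200 s suspended. */
    struct sa_timer sa = { 1000, 3600 };
    printf("suspend not counted: expired=%d\n", sa_expired_at(&sa, 1000 + 1800));
    printf("suspend counted:     expired=%d\n", sa_expired_at(&sa, 1000 + 1800 + 7200));
    printf("live clock is %s\n",
           sa_clock_id() == CLOCK_MONOTONIC ? "CLOCK_MONOTONIC" : "CLOCK_BOOTTIME");
    return 0;
}
```

With the constructed readings, a clock that skips the suspended interval still reports the SA as live while one that counts it reports it as expired, which is the mismatch with the kernel and the peers that the report describes.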
