disable the SA dpd timer on sa_free(). this avoid a race

between DPD and initial contact (double free); ok hshoexer

2 files changed, 14 insertions, 6 deletions

diff --git a/sbin/isakmpd/dpd.c b/sbin/isakmpd/dpd.c
index 6c355777f02..56b09d335d1 100644
--- a/sbin/isakmpd/dpd.c
+++ b/sbin/isakmpd/dpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: dpd.c,v 1.8 2005/02/24 16:05:42 markus Exp $	*/
+/*	$OpenBSD: dpd.c,v 1.9 2005/02/24 16:16:46 markus Exp $	*/
 
 /*
  * Copyright (c) 2004 Håkan Olsson.  All rights reserved.
@@ -305,8 +305,6 @@ dpd_event(void *v_sa)
 #endif
 
 	isakmp_sa->dpd_event = 0;
-	if (isakmp_sa->flags & SA_FLAG_REPLACED)
-		return;
 
 	/* Check if there's been any incoming SA activity since last time.  */
 	args.isakmp_sa = isakmp_sa;
@@ -357,8 +355,6 @@ dpd_check_event(void *v_sa)
 	struct sa	*sa;
 
 	isakmp_sa->dpd_event = 0;
-	if (isakmp_sa->flags & SA_FLAG_REPLACED)
-		return;
 
 	if (++isakmp_sa->dpd_failcount < DPD_RETRANS_MAX) {
 		LOG_DBG((LOG_MESSAGE, 10, "dpd_check_event: "
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 836200c64d6..d1564709c56 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.88 2005/02/16 22:00:14 hshoexer Exp $	 */
+/* $OpenBSD: sa.c,v 1.89 2005/02/24 16:16:46 markus Exp $	 */
 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $	 */
 
 /*
@@ -724,6 +724,12 @@ sa_free(struct sa *sa)
 		sa->soft_death = 0;
 		sa->refcnt--;
 	}
+#if defined (USE_DPD)
+	if (sa->dpd_event) {
+		timer_remove_event(sa->dpd_event);
+		sa->dpd_event = 0;
+	}
+#endif
 	sa_remove(sa);
 }
 
@@ -1183,6 +1189,12 @@ sa_mark_replaced(struct sa *sa)
 {
 	LOG_DBG((LOG_SA, 60, "sa_mark_replaced: SA %p (%s) marked as replaced",
 	    sa, sa->name ? sa->name : "unnamed"));
+#if defined (USE_DPD)
+	if (sa->dpd_event) {
+		timer_remove_event(sa->dpd_event);
+		sa->dpd_event = 0;
+	}
+#endif
 	sa->flags |= SA_FLAG_REPLACED;
 }