Back out r1.103, which caused SA's to leak until memory was exhausted.

OK hshoexer, nathanael, mpf, "get that in" deraadt

1 files changed, 6 insertions, 58 deletions

diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 97a351c28ef..7e2e88e9411 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.108 2006/06/02 19:35:55 hshoexer Exp $	 */
+/* $OpenBSD: sa.c,v 1.109 2006/08/30 16:33:31 cloder Exp $	 */
 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $	 */
 
 /*
@@ -1165,56 +1165,6 @@ sa_teardown_all(void)
 }
 
 /*
- * This function will get called when the exchange initiated by sa_soft_expire
- * completes. The intent is to support the case where the initiator has a phase
- * 1 SA, but the responder does not, or in the case of a fail-over gateway, the
- * responder SA does not match the one held by the initiator.
- *
- * Note that if sa_soft_expire initiates a phase 1 exchange, then this will be 
- * called at the completion of that.
- */
-static void
-sa_soft_finalize(struct exchange* exchange, void *v_sa, int fail)
-{
-	struct sa *sa = v_sa;
-
-	if (sa->phase != 2 || !sa->death ||
-	    (sa->flags & SA_FLAG_REPLACED)) {
-		sa_release(sa);
-		return;
-	}
-
-	if (fail) {
-		char *peer = conf_get_str(sa->name, "ISAKMP-peer");
-		if (peer) {
-			struct sa *p1_sa;
-			while ((p1_sa = sa_lookup_by_name(peer, 1)))
-				sa_free(p1_sa);
-		}
-	}
-
-	if (exchange)
-		exchange_establish(sa->name, sa_soft_finalize, sa,
-		    sa->flags & SA_FLAG_STAYALIVE);
-	else {
-		struct timeval  expiration;
-		int 		seconds;
-
-		gettimeofday(&expiration, 0);
-		seconds = conf_get_num("General", "Exchange-max-time",
-		    EXCHANGE_MAX_TIME);
-		LOG_DBG((LOG_TIMER, 95,
-	    	    "sa_soft_finalize: SA %p soft timeout in %d seconds",
-		    sa, seconds));
-		expiration.tv_sec += seconds;
-		sa->soft_death = timer_add_event("sa_soft_expire",
-		    sa_soft_expire, sa, &expiration);
-		if (!sa->soft_death)
-			sa_release(sa);
-	}
-}
-
-/*
  * This function will get called when we are closing in on the death time of SA
  */
 static void
@@ -1223,19 +1173,17 @@ sa_soft_expire(void *v_sa)
 	struct sa      *sa = v_sa;
 
 	sa->soft_death = 0;
+	sa_release(sa);
 
-	if (sa->death && (sa->flags & (SA_FLAG_STAYALIVE | SA_FLAG_REPLACED))
-	    == SA_FLAG_STAYALIVE)
-		/* soft_finalize will (eventually) release the sa */
-		exchange_establish(sa->name, sa_soft_finalize, sa, 1);
-	else {
+	if ((sa->flags & (SA_FLAG_STAYALIVE | SA_FLAG_REPLACED)) ==
+	    SA_FLAG_STAYALIVE)
+		exchange_establish(sa->name, 0, 0, 1);
+	else
 		/*
 		 * Start to watch the use of this SA, so a renegotiation can
 		 * happen as soon as it is shown to be alive.
 		 */
 		sa->flags |= SA_FLAG_FADING;
-		sa_release(sa);
-	}
 }
 
 /* SA has passed its best before date.  */