This is the second version of this patch.

Apply by doing:
	cd /usr/src
	patch -p0 < 027_isakmpd.patch

Then rebuild and install isakmpd:
	cd sbin/isakmpd
	make obj
	make cleandir
	make depend
	make
	make install

Index: sbin/isakmpd/message.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/message.c,v
retrieving revision 1.45.2.1
diff -u -r1.45.2.1 message.c
--- sbin/isakmpd/message.c	27 Mar 2002 04:24:22 -0000	1.45.2.1
+++ sbin/isakmpd/message.c	5 Jul 2002 13:21:11 -0000
@@ -492,6 +500,14 @@
   struct exchange *exchange = msg->exchange;
   size_t len = GET_ISAKMP_GEN_LENGTH (p->p);
 
+  if (!exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_id: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (exchange->doi
       && exchange->doi->validate_id_information (GET_ISAKMP_ID_TYPE (p->p),
 						 p->p + ISAKMP_ID_DOI_DATA_OFF,
@@ -512,6 +528,14 @@
   struct exchange *exchange = msg->exchange;
   size_t len = GET_ISAKMP_GEN_LENGTH (p->p);
 
+  if (!exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_key_exch: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (exchange->doi
       && exchange->doi->validate_key_information (p->p + ISAKMP_KE_DATA_OFF,
 						  len - ISAKMP_KE_DATA_OFF))
@@ -526,6 +550,14 @@
 static int
 message_validate_nonce (struct message *msg, struct payload *p)
 {
+  if (!msg->exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_nonce: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   /* Nonces require no specific validation.  */
   return 0;
 }
@@ -598,6 +630,14 @@
   u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->p);
   u_int8_t *sa = p->context->p;
 
+  if (!msg->exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_proposal: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (proto != ISAKMP_PROTO_ISAKMP
       && msg->exchange->doi->validate_proto (proto))
     {
@@ -727,6 +767,14 @@
 static int
 message_validate_sig (struct message *msg, struct payload *p)
 {
+  if (!msg->exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_sig: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   /* XXX Not implemented yet.  */
   return 0;
 }
@@ -738,6 +786,14 @@
   u_int8_t proto = GET_ISAKMP_PROP_PROTO (p->context->p);
   u_int8_t *prop = p->context->p;
 
+  if (!msg->exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_transform: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   if (msg->exchange->doi
       ->validate_transform_id (proto, GET_ISAKMP_TRANSFORM_ID (p->p)))
     {
@@ -782,6 +838,14 @@
 static int
 message_validate_vendor (struct message *msg, struct payload *p)
 {
+  if (!msg->exchange)
+    {
+      /* We should have an exchange at this point.  */
+      log_print ("message_validate_vendor: payload out of sequence");
+      message_drop (msg, ISAKMP_NOTIFY_PAYLOAD_MALFORMED, 0, 1, 1);
+      return -1;
+    }
+
   /* Vendor IDs are only allowed in phase 1.  */
   if (msg->exchange->phase != 1)
     {