[Swan-dev] pluto: Fix nat_traversal assertion failure in main_inI1_outR1
Herbert Xu
herbert at gondor.apana.org.au
Wed Apr 29 11:04:36 EEST 2015
The function main_inI1_outI1 increments numvidtosend when it
calculates what vendor IDs will be sent. It then decrements
it when actually sending out those IDs.
Therefore it is paramount that the same condition be used in
both cases for a given vendor ID. However, for nat_traversal
we end up using different conditions, causing a potential imbalance
and crash.
This patch fixes it by using the same condition for both.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
diff --git a/programs/pluto/ikev1_main.c b/programs/pluto/ikev1_main.c
index bc65479..47f4710 100644
--- a/programs/pluto/ikev1_main.c
+++ b/programs/pluto/ikev1_main.c
@@ -790,7 +790,7 @@ stf_status main_inI1_outR1(struct msg_digest *md)
}
/* Increase VID counter for NAT-T VID */
- if (nat_traversal_enabled && md->quirks.qnat_traversal_vid != VID_none) {
+ if (st->hidden_variables.st_nat_traversal != LEMPTY) {
DBG(DBG_NATT, DBG_log("nat-t detected, sending nat-t VID"));
numvidtosend++;
}
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Swan-dev
mailing list