[Swan-dev] crash introduced in c2ea0911 while replacing IKEv1 ISAKMP SA

Matt Rogers mrogers at redhat.com
Fri Nov 11 18:47:03 UTC 2016


On Wed, 2016-11-02 at 20:32 +0200, Tuomo Soini wrote:
> On Sat, 29 Oct 2016 19:10:18 +0200
> Antony Antony <antony at phenome.org> wrote:
> 
> > 
> > c2ea0911 introduced a crasher for IKEv1, when pluto replaces the IKE SA
> > and deletes itself.
> > 
> > #0  0x00005610ca3c34b7 in free_generalNames (gn=0xe, free_name=1)
> >     at /home/build/libreswan/lib/libswan/x509dn.c:742
> > #1  0x00005610ca329edb in delete_state (st=0x5610cb16eaa0)
> >     at /home/build/libreswan/programs/pluto/state.c:922
> > 
> > I think Tuomo also noticed this crasher. He mentioned on IRC that he is
> > working on it. Here is a simple fix for it. Possibly there is
> > a better way to clean up freeing st_requested_ca.
> > 
> > leak detect was not enabled when I tried. It seems to have
> > disappeared again.
> > 
> > I wonder if c2ea0911 was only tested for IKEv2? IKEv2 does not
> > seem to have this issue. Or possibly interoperating with other
> > implementations?
> > 
> > -antony
> > 
> > PS: in the testcase you could test it in ikev2-20-ikesa-replace
> > change ikev2=never on road.conf and east.conf.
> > 
> > https://bugs.libreswan.org/show_bug.cgi?id=276
> 
> The patch in this bug was the cause of the crasher. I reverted it with
> commit 14348a4e3433881a56ac8463c2d052ba03428197.
> 
> 

I've added a patch and comment to the bug; with 14348a4e reverted and
the patch applied, there should be no more leaks or double-free of the
gn.

Matt

