[Swan-dev] IKEv1 xauth core dump from freeanychunk() fix

Paul Wouters paul at nohats.ca
Fri May 25 15:54:13 UTC 2018


On Fri, 25 May 2018, Andrew Cagney wrote:

> 
> My fix to freeanychunk() - remember to clear .len - triggered a core
> dump: http://testing.libreswan.org/results/v3.22-1470-gc793691-master/xauth-pluto-19/OUTPUT/

>    #1 gets magically morphed from
> STATE_MODE_CFG_R2(established-authenticated-ike) =>
> STATE_MAIN_R3(established-authenticated-ike) (magic) as in:
>            if (st->st_state == STATE_MODE_CFG_R2) {
>                /* ISAKMP is up... */
>                change_state(st, STATE_MAIN_R3);
>            }

>    gets the re-transmit and, since #1's last packet received
> matches and STATE_MAIN_R3 has the retransmit flag set, it tries to do just
> that
>    but since #1's .st_tpacket is empty things barf
>
> I suspect st_rpacket should be deleted when morphing #1?

sounds right.

Paul
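The retransmit-after-morph scenario described in the quoted message, modelled as an added C example. This is not libreswan's code: the chunk type, `freeanychunk`, the state object and the functions `handle_duplicate`, `morph_to_main_r3`, `stale_len_after_free` and `run_scenario` are simplified stand-ins constructed for this example, and the packet bytes are made up. It shows why clearing `.len` matters, and that dropping `st_rpacket` when #1 morphs to STATE_MAIN_R3 stops the later duplicate from being treated as a retransmit against an empty `st_tpacket`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Minimal model of a pointer+length chunk, constructed for this example. */
typedef struct {
    uint8_t *ptr;
    size_t len;
} chunk_t;

static chunk_t chunk_clone(const uint8_t *bytes, size_t n)
{
    chunk_t c = { NULL, 0 };
    if (n > 0) {
        c.ptr = malloc(n);
        memcpy(c.ptr, bytes, n);
        c.len = n;
    }
    return c;
}

/* Free a chunk and reset BOTH fields, as the fix discussed above does. */
static void freeanychunk(chunk_t *c)
{
    free(c->ptr);
    c->ptr = NULL;
    c->len = 0;
}

static bool chunk_is_empty(const chunk_t *c)
{
    return c->ptr == NULL || c->len == 0;
}

/* Pre-fix behaviour for contrast: the buffer is freed but .len stays stale,
 * so a length-only check still believes there is something to send. */
static size_t stale_len_after_free(void)
{
    static const uint8_t b[] = { 0xaa, 0xbb };
    chunk_t c = chunk_clone(b, sizeof b);
    free(c.ptr);
    c.ptr = NULL;          /* .len deliberately left at 2 */
    return c.len;
}

enum state_kind { STATE_MODE_CFG_R2, STATE_MAIN_R3 };

/* Hypothetical state object holding the two packet chunks named in the thread. */
struct state {
    enum state_kind st_state;
    chunk_t st_rpacket;   /* last packet received; used to detect a retransmit */
    chunk_t st_tpacket;   /* last packet sent; what a retransmit would resend */
};

enum rtx_result {
    RTX_NOT_A_DUPLICATE,  /* incoming packet is not a repeat of st_rpacket */
    RTX_RESENT,           /* st_tpacket would be resent */
    RTX_NOTHING_TO_SEND   /* duplicate recognised, but st_tpacket is empty */
};

/* Retransmit path as the thread describes it: if the incoming packet equals
 * the last one received, resend the last one sent. The empty-tpacket case is
 * caught explicitly here instead of dereferencing a NULL pointer. */
static enum rtx_result handle_duplicate(const struct state *st,
                                        const uint8_t *pkt, size_t n,
                                        size_t *resent_len)
{
    *resent_len = 0;
    if (chunk_is_empty(&st->st_rpacket) || st->st_rpacket.len != n ||
        memcmp(st->st_rpacket.ptr, pkt, n) != 0)
        return RTX_NOT_A_DUPLICATE;
    if (chunk_is_empty(&st->st_tpacket))
        return RTX_NOTHING_TO_SEND;
    *resent_len = st->st_tpacket.len;   /* a real implementation sends these bytes */
    return RTX_RESENT;
}

/* Morph MODE_CFG_R2 into MAIN_R3 once ISAKMP is up. With drop_rpacket set,
 * st_rpacket is released too (the suggestion in the thread), so the morphed
 * state no longer claims a later duplicate of that packet. */
static void morph_to_main_r3(struct state *st, bool drop_rpacket)
{
    if (st->st_state == STATE_MODE_CFG_R2) {
        st->st_state = STATE_MAIN_R3;
        if (drop_rpacket)
            freeanychunk(&st->st_rpacket);
    }
}

/* Constructed scenario: #1 received a MODE_CFG packet, its tpacket has
 * already been freed, then the same packet arrives again. */
static enum rtx_result run_scenario(bool drop_rpacket_on_morph)
{
    static const uint8_t cfg_pkt[] = { 0x01, 0x02, 0x03, 0x04 };
    struct state st = { STATE_MODE_CFG_R2,
                        chunk_clone(cfg_pkt, sizeof cfg_pkt),
                        chunk_clone(cfg_pkt, 2) };
    size_t n;
    freeanychunk(&st.st_tpacket);            /* nothing left to resend */
    morph_to_main_r3(&st, drop_rpacket_on_morph);
    enum rtx_result r = handle_duplicate(&st, cfg_pkt, sizeof cfg_pkt, &n);
    freeanychunk(&st.st_rpacket);
    freeanychunk(&st.st_tpacket);
    return r;
}

int main(void)
{
    return (run_scenario(false) == RTX_NOTHING_TO_SEND &&
            run_scenario(true) == RTX_NOT_A_DUPLICATE) ? 0 : 1;
}
```

With `st_rpacket` kept across the morph, the duplicate matches and the code reaches the empty `st_tpacket`; with `st_rpacket` dropped on morph, the same packet is simply not a retransmit for #1.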

