[Swan-dev] IKEv1 xauth core dump from freeanychunk() fix
Paul Wouters
paul at nohats.ca
Fri May 25 15:54:13 UTC 2018
On Fri, 25 May 2018, Andrew Cagney wrote:
>
> My fix to freeanychunk() - remember to clear .len - triggered a core
> dump: http://testing.libreswan.org/results/v3.22-1470-gc793691-master/xauth-pluto-19/OUTPUT/
> #1 gets magically morphed from
> STATE_MODE_CFG_R2(established-authenticated-ike) =>
> STATE_MAIN_R3(established-authenticated-ike) (magic) as in:
>     if (st->st_state == STATE_MODE_CFG_R2) {
>         /* ISAKMP is up... */
>         change_state(st, STATE_MAIN_R3);
>     }
> gets the re-transmit and, since both #1's last packet received
> matches and STATE_MAIN_R3 has retransmit flag set, it tries to do just
> that
> but since #1's .st_tpacket is empty things barf
>
> I suspect st_rpacket should be deleted when morphing #1?
sounds right.
Paul
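
Added example, not part of the original thread and not libreswan code: a simplified C model of the sequence discussed above, where a state morph that keeps the old received packet makes a duplicate look like a retransmit request while the sent packet is empty. All names (struct chunk, free_chunk, clone_bytes, on_packet, morph) are hypothetical, and the empty-packet guard in on_packet is an extra defensive check beyond what the thread proposes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not libreswan source; every name here is hypothetical. */
struct chunk { unsigned char *ptr; size_t len; };

/* Free the buffer and clear BOTH fields, so no stale length survives. */
static void free_chunk(struct chunk *c)
{
    free(c->ptr);
    c->ptr = NULL;
    c->len = 0;
}

static struct chunk clone_bytes(const void *p, size_t n)
{
    struct chunk c = { malloc(n), n };
    if (c.ptr == NULL) abort();
    memcpy(c.ptr, p, n);
    return c;
}

struct state {
    bool retransmit_on_duplicate; /* set for the state being morphed into */
    struct chunk rpacket;         /* last packet received */
    struct chunk tpacket;         /* last packet sent; may be empty */
};
enum verdict { PROCESS, RETRANSMIT, DROP };

/* Duplicate handling; refuses to retransmit an empty tpacket. */
static enum verdict on_packet(const struct state *st, const void *pkt, size_t n)
{
    bool dup = n > 0 && st->rpacket.len == n &&
               memcmp(st->rpacket.ptr, pkt, n) == 0;
    if (!dup) return PROCESS;
    if (!st->retransmit_on_duplicate) return DROP;
    return st->tpacket.len > 0 ? RETRANSMIT : DROP;
}

/* Morph the state and forget the old received packet. */
static void morph(struct state *st)
{
    st->retransmit_on_duplicate = true;
    free_chunk(&st->rpacket);
}

int main(void)
{
    struct state st = { false, clone_bytes("dup", 3), { NULL, 0 } };
    morph(&st);
    return on_packet(&st, "dup", 3) == PROCESS ? 0 : 1;
}
```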