[Swan-dev] IKEv1 xauth core dump from freeanychunk() fix

Andrew Cagney andrew.cagney at gmail.com
Mon May 28 14:36:20 UTC 2018


On 25 May 2018 at 11:54, Paul Wouters <paul at nohats.ca> wrote:
> On Fri, 25 May 2018, Andrew Cagney wrote:
>
>>
>> My fix to freeanychunk() - remember to clear .len - triggered a core
>> dump:
>> http://testing.libreswan.org/results/v3.22-1470-gc793691-master/xauth-pluto-19/OUTPUT/
>
>>    #1 gets magically morphed from
>> STATE_MODE_CFG_R2(established-authenticated-ike) =>
>> STATE_MAIN_R3(established-authenticated-ike) (magic) as in:
>>            if (st->st_state == STATE_MODE_CFG_R2) {
>>                /* ISAKMP is up... */
>>                change_state(st, STATE_MAIN_R3);
>>            }
>
>>    gets the re-transmit and, since both #1's last packet received
>> matches and STATE_MAIN_R3 has retransmit flag set, it tries to do just
>> that
>>    but since #1's .st_tpacket is empty things barf
>>
>> I suspect st_rpacket should be deleted when morphing #1?
>
> sounds right.

Thinking about it some more, since there's nothing to send back, why
even save last received?  It turns out that
complete_v1_state_transition() unconditionally saves the last
received, even when there's no reply.

I'm going to test a change where it only saves last received when
STF_REPLY (i.e., when useful).  But, if it works, I'll put it on hold.

Andrew
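As an added illustration that is not libreswan's own code: a simplified C model of the retransmit path discussed in this thread, applying the proposed rule that the last received packet is remembered only when the transition returned STF_REPLY, plus a guard that never retransmits from an empty st_tpacket. The chunk/state structs, the helper names other than the ones quoted above, and the packet strings are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for libreswan's chunk type; not the project's definition. */
struct chunk { unsigned char *ptr; size_t len; };

/* The freeanychunk() fix from the thread: free the buffer AND clear .len,
 * so a stale length cannot make an empty chunk look non-empty. */
static void free_any_chunk(struct chunk *c) {
    free(c->ptr);
    c->ptr = NULL;
    c->len = 0;
}

static void set_chunk(struct chunk *c, const char *s) {
    free_any_chunk(c);
    c->len = strlen(s);
    c->ptr = malloc(c->len);
    memcpy(c->ptr, s, c->len);
}

/* Hypothetical, reduced state: only the two packet buffers matter here. */
struct state { struct chunk st_rpacket; struct chunk st_tpacket; };

enum stf { STF_OK, STF_REPLY };

/* Model of the proposed change: remember the last received packet only
 * when the transition actually produced a reply worth retransmitting. */
static void complete_transition(struct state *st, enum stf result,
                                const char *received, const char *reply) {
    if (result == STF_REPLY) {
        set_chunk(&st->st_rpacket, received);
        set_chunk(&st->st_tpacket, reply);
    } else {
        free_any_chunk(&st->st_rpacket);
        free_any_chunk(&st->st_tpacket);
    }
}

/* True if the incoming packet duplicates the last one we answered AND a
 * reply is actually saved; an empty st_tpacket must never be resent. */
static bool should_retransmit(const struct state *st, const char *incoming) {
    size_t n = strlen(incoming);
    if (st->st_rpacket.len == 0 || st->st_rpacket.len != n ||
        memcmp(st->st_rpacket.ptr, incoming, n) != 0)
        return false;               /* not a duplicate of the last packet */
    return st->st_tpacket.len > 0;  /* nothing saved to send: do not try */
}
```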

