[Openswan dev] IKEv2 with missing auth payload causes ASSERTION FAILED at programs/pluto/state.c:298: *p == st

Paul Wouters paul at xelerance.com
Wed Jan 27 15:17:11 EST 2010

I just got a report of a crasher in the ikev2 code when no auth payload is present:

In ikev2_parent.c ikev2_parent_inI2outR2_tail() we check for the auth payload:

     /* process AUTH payload */
     if(!md->chain[ISAKMP_NEXT_v2AUTH]) {
         openswan_log("no authentication payload found");
         return STF_FAIL;

If not found, we return STF_FAIL. However, we somehow end up in state.c rehash_state()
where we hit:

     /* unlink from forward chain */
     passert(*p == st);
     *p = st->st_hashchain_next;

I don't have a stack trace (yet), so I'm not sure yet what is going on. The two events
could be unrelated, though I don't think they are as they happened within the same second.
The cause here is that we received a cert without having the CAcert that signed it.


More information about the Dev mailing list