[Openswan Users] passert(st->st_suspended_md->st == st) fix
Paul Wouters
paul at xelerance.com
Fri Jul 22 03:37:21 CEST 2005
On Thu, 21 Jul 2005, Steve wrote:
> When I select auth by secret but do not provide any psk to the local server
> (remote server does have psk):
>
> ipsec auto --up Conn171
> 104 "Conn171" #2: STATE_MAIN_I1: initiate
> 003 "Conn171" #2: received Vendor ID payload [Dead Peer Detection]
> 003 "Conn171" #2: Can't authenticate: no preshared key found for
> `192.168.250.198' and `192.168.250.171'. Attribute
> OAKLEY_AUTHENTICATION_METHOD
> 003 "Conn171" #2: no acceptable Oakley Transform
> 214 "Conn171" #2: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN
>
> After waiting for a while it stucked at this stage so i pressed CTRL-C. And I
> try again:
>
> ipsec auto --up Conn171
>
> This time again nothing coming out (which i think is correct because it's in
> hold stage). Now, i try to bring it down:
>
> ipsec auto --down Conn171
> 003 "Conn171" #2: *ASSERTION FAILED at state.c:316: st->st_suspended_md->st
> == st***
Excellent! This gave me enough information to finally reproduce this crasher
myself.
I have applied a fix in the 2_4_X branch. Michael will have a look at it for
HEAD. With this fix, I can no longer crash the connection in this way.
the fix is in programs/pluto/state.c:
*** 311,317 ****
delete_dpd_event(st);
/* if there is a suspended state transition, disconnect us */
! if (st->st_suspended_md != NULL)
{
passert(st->st_suspended_md->st == st);
st->st_suspended_md->st = NULL;
--- 311,317 ----
delete_dpd_event(st);
/* if there is a suspended state transition, disconnect us */
! if (st != NULL && st->st_suspended_md != NULL)
{
passert(st->st_suspended_md->st == st);
st->st_suspended_md->st = NULL;
Thanks for the report!
Paul
More information about the Users
mailing list