search

xelerance / Openswan

Openswan
Other
849 stars 214 forks source link

Add check null pointer of parent structure. #461

Closed AnatoliChe closed 3 years ago

AnatoliChe commented 3 years ago

We have segfault in setup_half_ipsec_sa if parent st is NULL. Core was generated by `/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipse'. Program terminated with signal SIGSEGV, Segmentation fault.

0 setup_half_ipsec_sa (parent_st=parent_st@entry=0x0, st=st@entry=0x55bfdfa00050, sr=sr@entry=0x7ffeaece2d30, inbound=inbound@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:1718

1718 const char *inbound_str = inbound ? "inbound" : "outbound"; (gdb) bt

0 setup_half_ipsec_sa (parent_st=parent_st@entry=0x0, st=st@entry=0x55bfdfa00050, sr=sr@entry=0x7ffeaece2d30, inbound=inbound@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:1718

1 0x000055bfdf7591a8 in install_ipsec_sa (parent_st=0x0, st=st@entry=0x55bfdfa00050, inbound_also=inbound_also@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:3020

2 0x000055bfdf73e6a7 in quick_inR1_outI2_cryptotail (r=r@entry=0x7ffeaece31e0, dh=) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/ikev1_quick.c:2639

3 0x000055bfdf73e96e in quick_inR1_outI2_continue (pcrc=0x55bfdf9c9df0, r=0x7ffeaece31e0, ugh=0x0) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/ikev1_quick.c:2472

4 0x000055bfdf769d2f in handle_helper_comm (w=w@entry=0x55bfdf999440) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/pluto_crypt.c:827

5 0x000055bfdf76ab3b in pluto_crypto_helper_ready (readfds=readfds@entry=0x7ffeaece4890) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/pluto_crypt.c:1101

6 0x000055bfdf72c9e9 in call_server () at /usr/src/staging/openswan-2.6.52.3/programs/pluto/server.c:798

7 0x000055bfdf716faf in main (argc=, argv=) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/plutomain.c:1134

(gdb) frame 0 (gdb) p parent_st $17 = (struct state *) 0x0

(gdb) frame 1

1 0x000055bfdf7591a8 in install_ipsec_sa (parent_st=0x0, st=st@entry=0x55bfdfa00050, inbound_also=inbound_also@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:3020

3020 if(!setup_half_ipsec_sa(parent_st, st, sr, TRUE)) {

(gdb) p parent_st $3 = (struct state *) 0x0

(gdb) frame 2

2 0x000055bfdf73e6a7 in quick_inR1_outI2_cryptotail (r=r@entry=0x7ffeaece31e0, dh=) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/ikev1_quick.c:2639

2639 if (!install_ipsec_sa(md->pst, st, TRUE)) (gdb) p md->pst $18 = (struct state *) 0x0

shussain commented 3 years ago

Thank you for the PR @AnatoliChe

I have asked @mcr to review the PR aznd provide feedback.

mcr commented 3 years ago

Your fix seems fine, but it indicates there is a bigger problem. I know that we did some work recently (not yet released), which deals with child SAs getting rekeyed after a parent SA has been replaced. I'm guessing that this is what happened, and why md->pst is NULL. In that case, it should have died earlier and rekeyed the child SA with a new parent SA, or just dropped the child SA as having been replaced already. So I approve the patch, but I'd like to know if you have a way to reproduce this, logs, etc.

AnatoliChe commented 3 years ago

Thank you, Michael! I have not way to reproduce it. I have this error when international provider try to do MtM. I believe it related with big and too smart firewall between countries, and corrupted packets. I have some core dumps -rw------- 1 root root 1171456 Jan 18 13:09 core.0.pluto.31038 -rw------- 1 root root 3366912 Jan 19 13:34 core.0.pluto.15812 -rw------- 1 root root 1167360 Jan 17 20:16 core.0.pluto.9389 -rw------- 1 root root 2940928 Dec 28 11:18 core.0.pluto.15151 -rw------- 1 root root 2535424 Dec 22 11:08 core.0.pluto.14148 -rw------- 1 root root 2813952 Dec 22 10:03 core.0.pluto.25961 -rw------- 1 root root 2805760 Dec 18 12:59 core.0.pluto.12403 -rw------- 1 root root 2572288 Dec 16 00:48 core.0.pluto.11515 -rw------- 1 root root 3088384 Dec 16 00:10 core.0.pluto.13068 -rw------- 1 root root 2580480 Dec 10 14:01 core.0.pluto.11569 -rw------- 1 root root 2813952 Dec 10 10:09 core.0.pluto.3209

AnatoliChe commented 3 years ago

| Jan 27 14:05:42: complete state transition with STF_IGNORE | Jan 27 14:05:42: processed 0 messages from cryptographic helpers | Jan 27 14:05:42: next event EVENT_DPD in 7 seconds for #483 (2021-01-27 14:05:42) | Jan 27 14:05:42: next event EVENT_DPD in 7 seconds for #483 (2021-01-27 14:05:42) | Jan 27 14:05:49:
| Jan 27 14:05:49: received 332 bytes from 192.168.1.7:500 on eth0 (port=500) at 2021-01-27 14:05:49 | Jan 27 14:05:49: 8c d3 b0 eb f8 be 49 98 97 00 89 a1 d5 c9 07 56 | Jan 27 14:05:49: 08 10 20 01 35 4b ca b0 00 00 01 4c b3 4a fc 76 | Jan 27 14:05:49: 4e 04 34 78 20 1b 05 de ea f8 62 0f bb 2f 35 65 | Jan 27 14:05:49: ff 0d 03 f5 d8 70 5f 60 ef 06 5f 73 4a 6e 1d 69 | Jan 27 14:05:49: ac 77 61 ce c0 1c d5 5c ae 18 25 fd 06 d3 3b 0b | Jan 27 14:05:49: e6 26 8d f0 96 ee 6f 88 64 7e b8 a9 f0 15 74 6d | Jan 27 14:05:49: 30 68 d6 02 6a 6f 90 56 bf c2 3d c3 d9 f9 25 1a | Jan 27 14:05:49: ed cd be 67 72 1f ad e4 59 9b dc 31 90 9a 47 31 | Jan 27 14:05:49: 70 24 6c 89 84 aa 87 30 3c 3e 2f 27 b4 66 6e 91 | Jan 27 14:05:49: ec 31 eb e3 f7 7b 29 46 6b 10 29 4d ea 8f 66 4a | Jan 27 14:05:49: cd ed cc c3 63 25 54 3f 1c 72 32 65 fe a5 ca 37 | Jan 27 14:05:49: b0 1e 79 69 c0 f3 fb e0 ef 5b bc cc 5d 19 e9 ce | Jan 27 14:05:49: 4c 67 0a 84 a7 55 cf 73 6b 4c cb 88 11 f7 22 2e | Jan 27 14:05:49: 3c a0 a3 e1 cb 12 b2 99 41 db 67 4b 08 6c 42 12 | Jan 27 14:05:49: 95 04 ee 19 52 28 c7 f4 91 bb 3f f2 b5 63 57 d2 | Jan 27 14:05:49: e1 77 ac 36 99 4a f7 74 a1 c9 fb 51 7e c4 f9 29 | Jan 27 14:05:49: f6 58 6c af af 02 65 74 66 f7 bb 72 65 35 41 74 | Jan 27 14:05:49: 67 3c c2 57 35 64 45 7e fa a1 59 21 d0 be 33 2f | Jan 27 14:05:49: e8 fe a7 a6 01 6e 1a c7 48 59 ce e9 28 60 88 ee | Jan 27 14:05:49: 1f ac 68 77 7d a9 cf 91 aa 05 9b d0 eb d7 2b 41 | Jan 27 14:05:49: 51 53 8f e1 f6 f9 6a 5e dd 28 8d 32 | Jan 27 14:05:49: parse ISAKMP Message: | Jan 27 14:05:49: initiator cookie: | Jan 27 14:05:49: 8c d3 b0 eb f8 be 49 98 | Jan 27 14:05:49: responder cookie: | Jan 27 14:05:49: 97 00 89 a1 d5 c9 07 56 | Jan 27 14:05:49: ISAKMP version: ISAKMP Version 1.0 (rfc2407) | Jan 27 14:05:49: exchange type: ISAKMP_XCHG_QUICK | Jan 27 14:05:49: flags: ISAKMP_FLAG_ENCRYPTION | Jan 27 14:05:49: message ID: 35 4b ca b0 | Jan 27 14:05:49: length: 332 | Jan 27 14:05:49: processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 894159536 | Jan 27 14:05:49: ICOOKIE: 8c d3 b0 eb f8 be 49 98 | Jan 27 14:05:49: RCOOKIE: 97 00 89 a1 d5 c9 07 56 | Jan 27 14:05:49: state hash entry 19 | Jan 27 14:05:49: v1 peer and cookies match on #488, provided msgid 354bcab0 vs 354bcab0 | Jan 27 14:05:49: v1 state object #488 found, in STATE_QUICK_I1 | Jan 27 14:05:49: processing connection 192_168_0_7-192_168_1_7 | Jan 27 14:05:49: received encrypted packet from 192.168.1.7:500 | Jan 27 14:05:49: decrypting 304 bytes using algorithm OAKLEY_AES_CBC | Jan 27 14:05:49: decrypted: | Jan 27 14:05:49: 01 00 00 18 b1 82 92 63 00 e2 44 82 91 60 f9 a2 | Jan 27 14:05:49: cf d8 7c 14 ca a8 c4 71 0a 00 00 38 00 00 00 01 | Jan 27 14:05:49: 00 00 00 01 00 00 00 2c 00 03 04 01 77 4a 6a 53 | Jan 27 14:05:49: 00 00 00 20 00 0c 00 00 80 03 00 05 80 04 00 02 | Jan 27 14:05:49: 80 01 00 01 80 02 04 b0 80 05 00 02 80 06 00 80 | Jan 27 14:05:49: 04 00 00 14 80 cf 53 35 50 e0 25 7f 1e 97 6d 9e | Jan 27 14:05:49: ba b8 1d e4 00 00 00 c4 6d 17 6c 25 d7 5b 41 c2 | Jan 27 14:05:49: f2 95 e1 bf 4b 8d ca 75 c6 d7 0a d9 1c fa 0e 0b | Jan 27 14:05:49: be 80 48 ca 5b cb 35 b2 d0 f6 c0 c4 d3 8a 2d 83 | Jan 27 14:05:49: 1f f4 f6 04 f5 eb e4 60 f1 6d d3 f1 d9 19 d1 f8 | Jan 27 14:05:49: 9f 6b 75 d3 19 e2 8a d9 0e 11 3e 7f 47 05 70 81 | Jan 27 14:05:49: e8 aa 3f 89 20 70 f7 c3 57 f6 bb 49 3b ad 5b 50 | Jan 27 14:05:49: 9e 5c 97 4f 9e da cd 08 82 8f 72 12 41 e6 8d 6b | Jan 27 14:05:49: e2 2d fd ba 2b c5 84 01 74 fd 87 c8 39 8e 4a 14 | Jan 27 14:05:49: 58 0f e8 4e 3b 8b 73 d3 5f a0 9c 44 c3 31 4e 48 | Jan 27 14:05:49: d1 50 35 0b 28 85 54 07 4c e4 7a f7 24 c7 92 bf | Jan 27 14:05:49: ff 4c f7 90 56 cd 0e c3 ce 1e b6 ba 9c 2a 4c 38 | Jan 27 14:05:49: 1a cb ce 29 50 b8 47 87 0c 44 c3 a3 0b a8 3a 4b | Jan 27 14:05:49: 6f c0 cb a7 2e 55 84 44 00 00 00 00 00 00 00 00 | Jan 27 14:05:49: next IV: eb d7 2b 41 51 53 8f e1 f6 f9 6a 5e dd 28 8d 32 | Jan 27 14:05:49: got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | Jan 27 14:05:49: **parse ISAKMP Hash Payload: | Jan 27 14:05:49: length: 24 | Jan 27 14:05:49: got payload 0x2(ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | Jan 27 14:05:49: parse ISAKMP Security Association Payload: | Jan 27 14:05:49: length: 56 | Jan 27 14:05:49: DOI: ISAKMP_DOI_IPSEC | Jan 27 14:05:49: got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | Jan 27 14:05:49: parse ISAKMP Nonce Payload: | Jan 27 14:05:49: length: 20 | Jan 27 14:05:49: got payload 0x10(ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | Jan 27 14:05:49: parse ISAKMP Key Exchange Payload: | Jan 27 14:05:49: length: 196 | Jan 27 14:05:49: removing 8 bytes of padding | Jan 27 14:05:49: emit ISAKMP Message: | Jan 27 14:05:49: initiator cookie: | Jan 27 14:05:49: 8c d3 b0 eb f8 be 49 98 | Jan 27 14:05:49: responder cookie: | Jan 27 14:05:49: 97 00 89 a1 d5 c9 07 56 | Jan 27 14:05:49: ISAKMP version: ISAKMP Version 1.0 (rfc2407) | Jan 27 14:05:49: exchange type: ISAKMP_XCHG_QUICK | Jan 27 14:05:49: flags: ISAKMP_FLAG_ENCRYPTION | Jan 27 14:05:49: message ID: 35 4b ca b0 | Jan 27 14:05:49: HASH(2) computed: | Jan 27 14:05:49: b1 82 92 63 00 e2 44 82 91 60 f9 a2 cf d8 7c 14 | Jan 27 14:05:49: ca a8 c4 71 | Jan 27 14:05:49: **parse IPsec DOI SIT: | Jan 27 14:05:49: IPsec DOI SIT: SIT_IDENTITY_ONLY | Jan 27 14:05:49: **parse ISAKMP Proposal Payload: | Jan 27 14:05:49: length: 44 | Jan 27 14:05:49: proposal number: 0 | Jan 27 14:05:49: protocol ID: PROTO_IPSEC_ESP | Jan 27 14:05:49: SPI size: 4 | Jan 27 14:05:49: number of transforms: 1 | Jan 27 14:05:49: parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | Jan 27 14:05:49: SPI 77 4a 6a 53 | Jan 27 14:05:49: *parse ISAKMP Transform Payload (ESP): | Jan 27 14:05:49: length: 32 | Jan 27 14:05:49: transform number: 0 | Jan 27 14:05:49: transform ID: ESP_AES | Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute: | Jan 27 14:05:49: af+type: GROUP_DESCRIPTION | Jan 27 14:05:49: length/value: 5 | Jan 27 14:05:49: [5 is OAKLEY_GROUP_MODP1536] | Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute: | Jan 27 14:05:49: af+type: ENCAPSULATION_MODE | Jan 27 14:05:49: length/value: 2 | Jan 27 14:05:49: [2 is ENCAPSULATION_MODE_TRANSPORT] | Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute: | Jan 27 14:05:49: af+type: SA_LIFE_TYPE | Jan 27 14:05:49: length/value: 1 | Jan 27 14:05:49: [1 is SA_LIFE_TYPE_SECONDS] | Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute: | Jan 27 14:05:49: af+type: SA_LIFE_DURATION | Jan 27 14:05:49: length/value: 1200 | Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute: | Jan 27 14:05:49: af+type: AUTH_ALGORITHM | Jan 27 14:05:49: length/value: 2 | Jan 27 14:05:49: [2 is AUTH_ALGORITHM_HMAC_SHA1] | Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute: | Jan 27 14:05:49: af+type: KEY_LENGTH | Jan 27 14:05:49: length/value: 128 | Jan 27 14:05:49: kernel_alg_esp_enc_ok(12,128): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 | Jan 27 14:05:49: DH public value received: | Jan 27 14:05:49: 6d 17 6c 25 d7 5b 41 c2 f2 95 e1 bf 4b 8d ca 75 | Jan 27 14:05:49: c6 d7 0a d9 1c fa 0e 0b be 80 48 ca 5b cb 35 b2 | Jan 27 14:05:49: d0 f6 c0 c4 d3 8a 2d 83 1f f4 f6 04 f5 eb e4 60 | Jan 27 14:05:49: f1 6d d3 f1 d9 19 d1 f8 9f 6b 75 d3 19 e2 8a d9 | Jan 27 14:05:49: 0e 11 3e 7f 47 05 70 81 e8 aa 3f 89 20 70 f7 c3 | Jan 27 14:05:49: 57 f6 bb 49 3b ad 5b 50 9e 5c 97 4f 9e da cd 08 | Jan 27 14:05:49: 82 8f 72 12 41 e6 8d 6b e2 2d fd ba 2b c5 84 01 | Jan 27 14:05:49: 74 fd 87 c8 39 8e 4a 14 58 0f e8 4e 3b 8b 73 d3 | Jan 27 14:05:49: 5f a0 9c 44 c3 31 4e 48 d1 50 35 0b 28 85 54 07 | Jan 27 14:05:49: 4c e4 7a f7 24 c7 92 bf ff 4c f7 90 56 cd 0e c3 | Jan 27 14:05:49: ce 1e b6 ba 9c 2a 4c 38 1a cb ce 29 50 b8 47 87 | Jan 27 14:05:49: 0c 44 c3 a3 0b a8 3a 4b 6f c0 cb a7 2e 55 84 44 | Jan 27 14:05:49: started looking for secret for @192_168_0_7->@192_168_1_7 of kind PPK_PSK | Jan 27 14:05:49: actually looking for secret for @192_168_0_7->@192_168_1_7 of kind PPK_PSK | Jan 27 14:05:49: line 1: key type PPK_PSK(@192_168_0_7) to type PPK_RSA | Jan 27 14:05:49: concluding with best_match=0 lineno=-1 | Jan 27 14:05:49: 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3 | Jan 27 14:05:49: asking helper 0 to do compute dh(p2) op on seq: 990 (len=2760, pcw_work=1) | Jan 27 14:05:49: crypto helper write of request: cnt=2760<wlen=2760.
| Jan 27 14:05:49: deleting event for #488 | Jan 27 14:05:49: inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #488 | Jan 27 14:05:49: event added after event EVENT_SA_REPLACE for #483 | Jan 27 14:05:49: complete state transition with STF_SUSPEND | Jan 27 14:05:49: processed 0 messages from cryptographic helpers | Jan 27 14:05:49: next event EVENT_DPD in 0 seconds for #483 (2021-01-27 14:05:49) | Jan 27 14:05:49: time to handle event | Jan 27 14:05:49: at 2021-01-27 14:05:49 handling event EVENT_DPD | Jan 27 14:05:49: event after this is EVENT_PENDING_DDNS in 7 seconds | Jan 27 14:05:49: processing connection 10_10_10_7-10.10.11_7 ! Jan 27 14:05:49: helper 0 read 2752+4/2760 bytesfd: 8 | Jan 27 14:05:49: find_phase1_state: found SA #474 for conn '10_10_10_7-10.10.11_7' in state STATE_MAIN_I4 | Jan 27 14:05:49: DPD: processing for state #483 ("10_10_10_7-10.10.11_7") ! Jan 27 14:05:49: helper 0 doing compute dh(p2) op id: 990 | Jan 27 14:05:49: get esp.b8654f97@10.10.10.7 ! Jan 27 14:05:49: peer's g: 6d 17 6c 25 d7 5b 41 c2 f2 95 e1 bf 4b 8d ca 75 ! Jan 27 14:05:49: peer's g: c6 d7 0a d9 1c fa 0e 0b be 80 48 ca 5b cb 35 b2 ! Jan 27 14:05:49: peer's g: d0 f6 c0 c4 d3 8a 2d 83 1f f4 f6 04 f5 eb e4 60 ! Jan 27 14:05:49: peer's g: f1 6d d3 f1 d9 19 d1 f8 9f 6b 75 d3 19 e2 8a d9 | Jan 27 14:05:49: DPD: out event not sent, phase 2 active ! Jan 27 14:05:49: peer's g: 0e 11 3e 7f 47 05 70 81 e8 aa 3f 89 20 70 f7 c3 ! Jan 27 14:05:49: peer's g: 57 f6 bb 49 3b ad 5b 50 9e 5c 97 4f 9e da cd 08 | Jan 27 14:05:49: inserting event EVENT_DPD, timeout in 30 seconds for #483 ! Jan 27 14:05:49: peer's g: 82 8f 72 12 41 e6 8d 6b e2 2d fd ba 2b c5 84 01 | Jan 27 14:05:49: event added after event EVENT_DPD for #494 ! Jan 27 14:05:49: peer's g: 74 fd 87 c8 39 8e 4a 14 58 0f e8 4e 3b 8b 73 d3 | Jan 27 14:05:49: next event EVENT_PENDING_DDNS in 7 seconds ! Jan 27 14:05:49: peer's g: 5f a0 9c 44 c3 31 4e 48 d1 50 35 0b 28 85 54 07 ! Jan 27 14:05:49: peer's g: 4c e4 7a f7 24 c7 92 bf ff 4c f7 90 56 cd 0e c3 ! Jan 27 14:05:49: peer's g: ce 1e b6 ba 9c 2a 4c 38 1a cb ce 29 50 b8 47 87 ! Jan 27 14:05:49: peer's g: 0c 44 c3 a3 0b a8 3a 4b 6f c0 cb a7 2e 55 84 44 ! Jan 27 14:05:49: calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1536): 911 usec ! Jan 27 14:05:49: DH shared-secret: ! Jan 27 14:05:49: ca f4 fa 0c f5 c0 64 1f ad 5c 10 08 71 b4 b2 25 ! Jan 27 14:05:49: 78 76 18 07 02 e9 01 45 dc 03 79 c0 6e 4a 08 e3 ! Jan 27 14:05:49: f8 0b 5a d9 e5 33 11 f7 39 69 0c bc 82 75 d6 8d ! Jan 27 14:05:49: 68 e7 d2 67 a2 65 1d e6 18 55 77 62 1a 0d b9 2c ! Jan 27 14:05:49: 43 d0 c3 08 e8 10 76 be 81 12 b7 71 ee f4 07 09 ! Jan 27 14:05:49: ed 45 ce b5 0c 92 b6 0e e1 d9 95 4a 44 64 c4 5e ! Jan 27 14:05:49: 82 da 68 e3 f2 b5 b1 3a d6 a4 10 1f 4e be 54 e5 ! Jan 27 14:05:49: bd 24 ef 99 d7 a4 1e b6 56 6e 28 61 6d b8 45 7b ! Jan 27 14:05:49: 6a 8f 2c 7c a8 54 3b b5 ec 7a e4 a1 41 ea bb 64 ! Jan 27 14:05:49: 8d 24 e5 39 7d fc 79 2b ea 51 1c 23 6f 7c 57 d9 ! Jan 27 14:05:49: 3d b3 78 b7 3f 0f ef 8a 69 85 19 f9 16 5d c1 8e ! Jan 27 14:05:49: bb 95 16 a4 4e 00 c1 03 37 94 f2 c8 af ec 05 fe | Jan 27 14:05:49:
| Jan 27 14:05:49: helper 0 has finished work (cnt now 1) | Jan 27 14:05:49: helper 0 replies to id: q#990 | Jan 27 14:05:49: calling callback function 0x564be429c680 | Jan 27 14:05:49: quick inI1_outR1: calculated ke+nonce, calculating DH | Jan 27 14:05:49: processing connection 192_168_0_7-192_168_1_7 | Jan 27 14:05:49: *emit ISAKMP Hash Payload: | Jan 27 14:05:49: emitting 20 zero bytes of HASH into ISAKMP Hash Payload | Jan 27 14:05:49: emitting length of ISAKMP Hash Payload: 24 | Jan 27 14:05:49: HASH(3) computed: a1 d4 bb e4 9b 92 20 59 f3 3a bb 09 5c 74 2d 9a | Jan 27 14:05:49: HASH(3) computed: 1d 13 b6 cb | Jan 27 14:05:49: compute_proto_keymat:needed_len (after ESP enc)=16 | Jan 27 14:05:49: compute_proto_keymat:needed_len (after ESP auth)=36 | Jan 27 14:05:49: ESP KEYMAT | Jan 27 14:05:49: KEYMAT computed: | Jan 27 14:05:49: 8c 5b 17 ad ed 86 24 04 f7 b7 7f 87 31 d2 74 a2 | Jan 27 14:05:49: a7 f2 52 9e 4f f4 6b fe 42 ac 20 a3 da f4 8a 73 | Jan 27 14:05:49: ce 60 fd d2 | Jan 27 14:05:49: Peer KEYMAT computed: | Jan 27 14:05:49: 96 9e 54 49 71 eb e0 88 24 f7 d8 20 c9 33 36 21 | Jan 27 14:05:49: 14 0f e2 f3 c0 f9 9a b8 3d 76 fe 13 1e 6d 2f 87 | Jan 27 14:05:49: aa 44 ea 60 | Jan 27 14:05:49: state #488: install_ipsec_sa() for inbound and outbound | Jan 27 14:05:49: route owner of "192_168_0_7-192_168_1_7" erouted: self; eroute owner: self | Jan 27 14:05:49: could_route called for 192_168_0_7-192_168_1_7 (kind=CK_PERMANENT) | Jan 27 14:05:49: state #488: now setting up incoming SA Jan 27 14:05:49: pluto_crypto_helper: helper [nonnss] (2) is exiting normally Jan 27 14:05:49: pluto_crypto_helper: helper [nonnss] (1) is exiting normally Jan 27 14:05:49: pluto_crypto_helper: helper [nonnss] (0) is exiting normally Segmentation fault (core dumped)

shussain commented 3 years ago

Thank you @AnatoliChe

I have cherry-picked it into the master branch.