[strongSwan-dev] [PATCH] Do not touch child from collision if peer deleted it
Thomas Egerer
thomas.egerer at secunet.com
Mon Aug 2 16:56:00 CEST 2010
Hello Martin, *,
Please take a look at the chart and you'll notice that if
for any reason the order of the packet processing is like
illustrated we get a segfault in
src/libcharon/sa/tasks/child_rekey.c:244
since child_sa has already been nuked be the peer's delete
notification:
<snip>
242 /* disable close action for the redundand child */
243 child_sa = other->child_create->get_child(other->child_create);
244 child_sa->set_close_action(child_sa, ACTION_NONE);
<snap>
Here's the chart:
max huckebein
rrq \ / rrq
\ /
\/
/\
/ \
< >
rrs \
\
\
\
\
> collision
/ detect
/ irq
/
/
/
irs <
\
\
\
\
>
collision X
detect X
irq !SEGFAULT!
c == child_sa
i == informational [delete]
r == rekey
rq == request
rs == response
Find the patch to solve this attached and consider it for inclusion.
Thank you,
Thomas
P.S.: No signature this time ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Do-not-touch-child-from-collision-if-peer-deleted-it.patch
Type: text/x-patch
Size: 2514 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20100802/1d0af958/attachment.bin>
More information about the Dev
mailing list