[strongSwan-dev] strongSwan 5.4.0 and NULL streq() causing VICI crash

Andreas Steffen andreas.steffen at strongswan.org
Wed Apr 13 22:36:57 CEST 2016

Hi Ryan,

I think the streq() check is the most important fix since the 5.4.0
stable release. The next release is scheduled for the second half of
June 2016.

Best regards


On 13.04.2016 22:16, Ruel, Ryan wrote:
> Folks,
> I've recently upgraded to strongSwan 5.4.0, and found that when using
> VICI to configure connections it resulted in a charon crash (segfault).
>   I traced the problem to child_cfg.c, with the new "equals" method that
> was added in 5.4.0.  It seems that since my VICI client doesn't set the
> "updown" script parameter for the connection, it results in a NULL
> string compare in that "equals" method.
> Looking at the latest GIT repository, I saw that in string.h some checks
> have been added which prevent performing a strcmp on a NULL value.  Back
> porting this fix to 5.4.0 fixes my charon crash issue.
> I have concerns about doing this, however, as I'm wondering if there are
> other changes I should also back port.
> When is the next point release going to be available which will
> incorporate all of these fixes?
> /Ryan
> _______________________________________________
> Dev mailing list
> Dev at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160413/afbff127/attachment.bin>

More information about the Dev mailing list