[strongSwan] strongswan 5.8.3 core dump

Tobias Brunner tobias at strongswan.org
Thu Mar 26 08:45:15 CET 2020

Hi Marco,

> Here is the charon.log: I hope it will be useful for you.

Thanks for the update.  This is a bug introduced with the changes that
attempt to keep the proposal selection for IKEv1 more consistent
(returning the lifetimes of the actually selected transform and the
correct proposal and transform IDs).  Determining the correct lifetimes
now depends on the selected proposal/transform.  Unfortunately, there
was one location in the code (as Quick Mode responder) where the
proposal might not be defined when the lifetimes are determined.  This
caused the crash here as no matching proposal was selected:

> [CFG] <apsil-|25> selecting proposal:
> [CFG] <apsil-|25>   no acceptable DIFFIE_HELLMAN_GROUP found
> [CFG] <apsil-|25> selecting proposal:
> [CFG] <apsil-|25>   no acceptable ENCRYPTION_ALGORITHM found
> [CFG] <apsil-|25> received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
> [CFG] <apsil-|25> configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ

I pushed a fix to master [1].  I guess we'll be releasing 5.8.4 soon.


[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=cb26c554

More information about the Users mailing list