diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/ikev1_continuations.h openswan-2.6.32-current/programs/pluto/ikev1_continuations.h
--- openswan-2.6.32-cvs-patched/programs/pluto/ikev1_continuations.h 2011-10-27 14:45:17.229069635 -0400
+++ openswan-2.6.32-current/programs/pluto/ikev1_continuations.h 2011-10-27 15:32:30.130607359 -0400
@@ -7,8 +7,6 @@
struct qke_continuation {
struct pluto_crypto_req_cont qke_pcrc;
- struct state *st; /* need to use abstract # */
- struct state *isakmp_sa; /* used in initiator */
so_serial_t replacing;
struct msg_digest *md; /* used in responder */
};
diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/ikev1_quick.c openswan-2.6.32-current/programs/pluto/ikev1_quick.c
--- openswan-2.6.32-cvs-patched/programs/pluto/ikev1_quick.c 2011-10-27 14:47:05.651990914 -0400
+++ openswan-2.6.32-current/programs/pluto/ikev1_quick.c 2011-10-27 15:32:30.131607358 -0400
@@ -701,7 +701,8 @@ init_phase2_iv(struct state *st, const m
static stf_status
quick_outI1_tail(struct pluto_crypto_req_cont *pcrc
- , struct pluto_crypto_req *r);
+ , struct pluto_crypto_req *r
+ , struct state *st);
static void
quick_outI1_continue(struct pluto_crypto_req_cont *pcrc
@@ -709,7 +710,7 @@ quick_outI1_continue(struct pluto_crypto
, err_t ugh)
{
struct qke_continuation *qke = (struct qke_continuation *)pcrc;
- struct state *const st = qke->st;
+ struct state *const st = state_with_serialno(qke->qke_pcrc.pcrc_serialno);
stf_status e;
DBG(DBG_CONTROLMORE
@@ -732,7 +733,9 @@ quick_outI1_continue(struct pluto_crypto
set_cur_state(st); /* we must reset before exit */
set_suspended(st, NULL);
- e = quick_outI1_tail(pcrc, r);
+ e = quick_outI1_tail(pcrc, r, st);
+ if (e == STF_INTERNAL_ERROR)
+ loglog(RC_LOG_SERIOUS, "%s: quick_outI1_tail() failed with STF_INTERNAL_ERROR", __FUNCTION__);
reset_globals();
}
@@ -827,8 +830,6 @@ quick_outI1(int whack_sock
, isakmp_sa->st_serialno, st->st_msgid, p2alg, pfsgroupname);
}
- qke->st = st;
- qke->isakmp_sa = isakmp_sa;
qke->replacing = replacing;
pcrc_init(&qke->qke_pcrc);
qke->qke_pcrc.pcrc_func = quick_outI1_continue;
@@ -846,12 +847,12 @@ quick_outI1(int whack_sock
static stf_status
quick_outI1_tail(struct pluto_crypto_req_cont *pcrc
- , struct pluto_crypto_req *r)
+ , struct pluto_crypto_req *r
+ , struct state *st)
{
struct qke_continuation *qke = (struct qke_continuation *)pcrc;
- struct state *st = qke->st;
+ struct state *isakmp_sa = state_with_serialno(st->st_clonedfrom);
struct connection *c = st->st_connection;
- struct state *isakmp_sa = qke->isakmp_sa;
pb_stream rbody;
u_char /* set by START_HASH_PAYLOAD: */
*r_hashval, /* where in reply to jam hash value */
@@ -860,7 +861,11 @@ quick_outI1_tail(struct pluto_crypto_req
c->spd.this.protocol || c->spd.that.protocol ||
c->spd.this.port || c->spd.that.port;
- st->st_connection = c;
+ if(isakmp_sa == NULL) {
+ /* phase1 state got deleted while cryptohelper was working */
+ loglog(RC_LOG_SERIOUS,"phase2 initiation failed because parent ISAKMP #%lu is gone", st->st_clonedfrom);
+ return STF_FATAL;
+ }
#ifdef NAT_TRAVERSAL
if (isakmp_sa->hidden_variables.st_nat_traversal & NAT_T_DETECTED) {
@@ -1981,8 +1986,6 @@ quick_inI1_outR1_authtail(struct verify_
ci = pcim_ongoing_crypto;
if(ci < st->st_import) ci = st->st_import;
- qke->st = st;
- qke->isakmp_sa = p1st;
qke->md = md;
pcrc_init(&qke->qke_pcrc);
qke->qke_pcrc.pcrc_func = quick_inI1_outR1_cryptocontinue1;
@@ -2007,7 +2010,7 @@ quick_inI1_outR1_cryptocontinue1(struct
{
struct qke_continuation *qke = (struct qke_continuation *)pcrc;
struct msg_digest *md = qke->md;
- struct state *const st = qke->st;
+ struct state *const st = state_with_serialno(qke->qke_pcrc.pcrc_serialno);
stf_status e;
DBG(DBG_CONTROLMORE
