diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/ikev1_continuations.h openswan-2.6.32-current/programs/pluto/ikev1_continuations.h --- openswan-2.6.32-cvs-patched/programs/pluto/ikev1_continuations.h 2011-10-27 14:45:17.229069635 -0400 +++ openswan-2.6.32-current/programs/pluto/ikev1_continuations.h 2011-10-27 15:32:30.130607359 -0400 @@ -7,8 +7,6 @@ struct qke_continuation { struct pluto_crypto_req_cont qke_pcrc; - struct state *st; /* need to use abstract # */ - struct state *isakmp_sa; /* used in initiator */ so_serial_t replacing; struct msg_digest *md; /* used in responder */ }; diff -urNp openswan-2.6.32-cvs-patched/programs/pluto/ikev1_quick.c openswan-2.6.32-current/programs/pluto/ikev1_quick.c --- openswan-2.6.32-cvs-patched/programs/pluto/ikev1_quick.c 2011-10-27 14:47:05.651990914 -0400 +++ openswan-2.6.32-current/programs/pluto/ikev1_quick.c 2011-10-27 15:32:30.131607358 -0400 @@ -701,7 +701,8 @@ init_phase2_iv(struct state *st, const m static stf_status quick_outI1_tail(struct pluto_crypto_req_cont *pcrc - , struct pluto_crypto_req *r); + , struct pluto_crypto_req *r + , struct state *st); static void quick_outI1_continue(struct pluto_crypto_req_cont *pcrc @@ -709,7 +710,7 @@ quick_outI1_continue(struct pluto_crypto , err_t ugh) { struct qke_continuation *qke = (struct qke_continuation *)pcrc; - struct state *const st = qke->st; + struct state *const st = state_with_serialno(qke->qke_pcrc.pcrc_serialno); stf_status e; DBG(DBG_CONTROLMORE @@ -732,7 +733,9 @@ quick_outI1_continue(struct pluto_crypto set_cur_state(st); /* we must reset before exit */ set_suspended(st, NULL); - e = quick_outI1_tail(pcrc, r); + e = quick_outI1_tail(pcrc, r, st); + if (e == STF_INTERNAL_ERROR) + loglog(RC_LOG_SERIOUS, "%s: quick_outI1_tail() failed with STF_INTERNAL_ERROR", __FUNCTION__); reset_globals(); } 
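Review bot: The result of `state_with_serialno(qke->qke_pcrc.pcrc_serialno)` in quick_outI1_continue() needs a NULL check before `st` reaches `set_cur_state(st)`, `set_suspended(st, NULL)` and the tail call. The lookup presumably returns NULL when the phase 2 state was deleted while the crypto helper was running, which is how this patch treats the parent lookup in quick_outI1_tail(). The lines between this hunk and the next are not shown, so a guard may already exist there. If it does not, add `if (st == NULL) { loglog(RC_LOG_SERIOUS, "%s: state is gone", __FUNCTION__); return; }` right after the lookup, plus whatever cleanup the continuation owes. The same applies to the identical lookup in quick_inI1_outR1_cryptocontinue1() in the last hunk, whose body continues outside the hunk.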
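Review bot: The check added after `quick_outI1_tail(pcrc, r, st)` logs only `STF_INTERNAL_ERROR`, but the parent-gone path this patch adds to quick_outI1_tail() returns `STF_FATAL`, and nothing visible here acts on that value before `reset_globals()`. As far as the hunk shows, a phase 2 state whose ISAKMP parent has disappeared is left in place with no further handling. Cover both statuses with `if (e == STF_INTERNAL_ERROR || e == STF_FATAL)`. Also state in a comment whether the orphaned state is deleted here or left to a later timeout.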
@@ -827,8 +830,6 @@ quick_outI1(int whack_sock , isakmp_sa->st_serialno, st->st_msgid, p2alg, pfsgroupname); } - qke->st = st; - qke->isakmp_sa = isakmp_sa; qke->replacing = replacing; pcrc_init(&qke->qke_pcrc); qke->qke_pcrc.pcrc_func = quick_outI1_continue; @@ -846,12 +847,12 @@ quick_outI1(int whack_sock static stf_status quick_outI1_tail(struct pluto_crypto_req_cont *pcrc - , struct pluto_crypto_req *r) + , struct pluto_crypto_req *r + , struct state *st) { struct qke_continuation *qke = (struct qke_continuation *)pcrc; - struct state *st = qke->st; + struct state *isakmp_sa = state_with_serialno(st->st_clonedfrom); struct connection *c = st->st_connection; - struct state *isakmp_sa = qke->isakmp_sa; pb_stream rbody; u_char /* set by START_HASH_PAYLOAD: */ *r_hashval, /* where in reply to jam hash value */ @@ -860,7 +861,11 @@ quick_outI1_tail(struct pluto_crypto_req c->spd.this.protocol || c->spd.that.protocol || c->spd.this.port || c->spd.that.port; - st->st_connection = c; + if(isakmp_sa == NULL) { + /* phase1 state got deleted while cryptohelper was working */ + loglog(RC_LOG_SERIOUS,"phase2 initiation failed because parent ISAKMP #%lu is gone", st->st_clonedfrom); + return STF_FATAL; + } #ifdef NAT_TRAVERSAL if (isakmp_sa->hidden_variables.st_nat_traversal & NAT_T_DETECTED) { @@ -1981,8 +1986,6 @@ quick_inI1_outR1_authtail(struct verify_ ci = pcim_ongoing_crypto; if(ci < st->st_import) ci = st->st_import; - qke->st = st; - qke->isakmp_sa = p1st; qke->md = md; pcrc_init(&qke->qke_pcrc); qke->qke_pcrc.pcrc_func = quick_inI1_outR1_cryptocontinue1; @@ -2007,7 +2010,7 @@ quick_inI1_outR1_cryptocontinue1(struct { struct qke_continuation *qke = (struct qke_continuation *)pcrc; struct msg_digest *md = qke->md; - struct state *const st = qke->st; + struct state *const st = state_with_serialno(qke->qke_pcrc.pcrc_serialno); stf_status e; DBG(DBG_CONTROLMORE
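Review bot: quick_outI1_tail() dereferences its new `st` parameter in its first initializers (`st->st_clonedfrom`, `st->st_connection`) before any check, so it relies on the caller having validated the looked-up state, and nothing in the signature records that. A comment above the definition would make the contract explicit, for example `/* st must be non-NULL; the parent ISAKMP SA is re-resolved from st->st_clonedfrom because it may be deleted while the helper runs */`. It would also tell later maintainers not to cache state pointers in the continuation again. The function body continues past this hunk.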
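Review bot: The new `loglog()` call in quick_outI1_tail() passes `st->st_clonedfrom` to `%lu`, but the field's type is not visible in this patch. It is presumably `so_serial_t`, whose underlying type is not shown either. If that type is ever not `unsigned long`, the argument and format specifier disagree, which is undefined behaviour in a path that runs on an error condition. An explicit cast keeps the call safe whatever the typedef is: `loglog(RC_LOG_SERIOUS, "phase2 initiation failed because parent ISAKMP #%lu is gone", (unsigned long)st->st_clonedfrom);`.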