Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Re: [Bugs] pluto 1.95 crashes

From: Bryan Bayerdorffer (bryan.bayerdorffer_at_analog.com)
Date: Tue Mar 19 2002 - 23:33:49 CET

Next message: Wernig Markus: "Re: [Users] subnet to subnet nojoy"
Previous message: Henry Spencer: "Re: [Users] Encryption Power On Self Test..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I haven't been getting mail from the bugs list even though mailman insists that
I'm susbscribed, so this reply was delayed until I thought to check the archives.

It seems that the Debian 1.95 build does NOT contain the AES patch. --status
shows nothing like the output Andreas mentioned. I'm going to try re-upgrading
to 1.95 and see if any of the recent Debian library updates have made the
problem go away.

"D. Hugh Redelmeier" wrote:
> > | From: Bryan Bayerdorffer <bryan.bayerdorffer_at_analog.com>
> |
> | 1.95 from debian package, custom 2.4.17 (also tried .18) kernel. 1.95 was
> | running ok with 2.4.17 before upgrading from debian stable to unstable.
library
> | incomaptibility?
> > I don't recognize this bug. I also don't recognize the source: the
> assertion failed in a line that isn't in 1.95. I am guessing that the
> reason is that you are using the X.509 patch. So I guess that this is
> one for Andreas.
> > A core dump might help. So too a barf.
> > Hugh Redelmeier
> hugh_at_mimosa.com voice: +1 416 482-8253

Bryan, I think you are using a debian release containing the AES patch
v0.7.2a from JuanJo Ciarlante which has a dynamic memory allocation bug
causing memory to be freed multiple times. Unfortunately the X.509
patch gets these memory chunks leading to the strange crash you
describe above. The bug posting

http://lists.freeswan.org/pipermail/bugs/2002-March/000210.html

explains the details.

To make sure that your release contains the AES patch, type

ipsec auto --status

and verify if something of the kind

00 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP encrypt: id=12, name=ESP_AES
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1

can be found near the top of the listing.

To fix this bug you can use the incremental patch from JuanJo
attached to this mail. Apply it in the top freeswan-1.95 source directory
and type

   make programs
   make install
   ipsec setup restart

to recompile and restart Pluto.

Regards

Andreas

P.S. The bug has been fixed in v0.7.2b of the AES patch and the
corrected version can be downloaded from

http://www.irrigacion.gov.ar/juanjo/ipsec/

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Wernig Markus: "Re: [Users] subnet to subnet nojoy"
Previous message: Henry Spencer: "Re: [Users] Encryption Power On Self Test..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:45 CEST