Latest -CURRENT iked(8) dumps core on a seemingly invalid transformation,
although this specific value is listed in iked.conf(8). Using "aes-256",
for example, works; it turns out this affects only those that are specified
with "[ESP only]" in the manual. ESP is the default and manually
specifying it to ensure the transformation is valid does not help.

Minimal reproducer:

# cat /etc/iked.conf
ikev2 from any to any ikesa enc aes-256-gcm
# ./obj/iked -n
/etc/iked.conf: 1: aes-256-gcm not a valid transform
Segmentation fault (core dumped)

Backtrace of above invocation:

[New process 464271]
Core was generated by `iked'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000003dfe6c5946d in copy_transforms (type=1, xfs=0x3e285cf7fd0, nxfs=1,
dst=0x7f7ffffca448, ndst=0x7f7ffffca43c, src=0x3dfe6c605a0
<ikev2_default_ike_transforms>, nsrc=11) at /s/sbin/iked/parse.y:2647
2647 b->xform_id = xf->id;
#0 0x000003dfe6c5946d in copy_transforms (type=1, xfs=0x3e285cf7fd0, nxfs=1,
dst=0x7f7ffffca448, ndst=0x7f7ffffca43c, src=0x3dfe6c605a0
<ikev2_default_ike_transforms>, nsrc=11) at /s/sbin/iked/parse.y:2647
#1 0x000003dfe6c5a0c3 in create_ike (name=0x0, af=0, ipproto=0 '\000',
hosts=0x3e2a547d360, peers=0x3e200e4d490, ike_sa=0x3e215d80d10, ipsec_sa=0x0,
saproto=3 '\003', flags=0 '\000', srcid=0x0, dstid=0x0, ikelifetime=0,
lt=0x3e200e4e8e0, authtype=0x3e200e4ecf0, filter=0x0, ikecfg=0x0) at
/s/sbin/iked/parse.y:2832
#2 0x000003dfe6c53e65 in yyparse () at /s/sbin/iked/parse.y:482
#3 0x000003dfe6c52a4b in parse_config (filename=0x3e23aca9560
"/etc/iked.conf", x_env=0x3e23aca9560) at /s/sbin/iked/parse.y:1596
#4 0x000003dfe6c12a79 in parent_configure (env=0x3e23aca9560) at
/s/sbin/iked/iked.c:198
#5 0x000003dfe6c1267c in main (argc=0, argv=0x7f7ffffcd598) at
/s/sbin/iked/iked.c:183

`xf' is NULL but gets dereferenced.

I have not tried older versions of iked(8) and can only take a closer
look at it this weekend, so pardon the scarce report.
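
Added example, not part of the original report and not iked's code: a simplified C model of the failure class described above, where a transform lookup fails for an ikesa, the error is logged, and the copy step has to reject the resulting NULL entry instead of dereferencing it. The table contents, ids and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT iked's parse.y. Table contents, ids and all
 * function names are assumptions made for this example. */
struct xform { const char *name; int id; int ike_ok; };

static const struct xform enc_table[] = {
    { "aes-256",     1, 1 },
    { "aes-256-gcm", 2, 0 },  /* modelled as "[ESP only]" */
};

/* Returns NULL if the name is unknown or not usable in an ikesa. */
static const struct xform *lookup_ike_enc(const char *name)
{
    for (size_t i = 0; i < sizeof(enc_table) / sizeof(enc_table[0]); i++)
        if (strcmp(enc_table[i].name, name) == 0 && enc_table[i].ike_ok)
            return &enc_table[i];
    return NULL;
}

/* Copy parsed transform ids into dst; a NULL slot is rejected, not dereferenced. */
static int copy_ids(const struct xform **xfs, size_t nxfs, int *dst, size_t ndst)
{
    if (nxfs > ndst)
        return -1;
    for (size_t i = 0; i < nxfs; i++) {
        if (xfs[i] == NULL)
            return -1;          /* failed lookup left in the list */
        dst[i] = xfs[i]->id;
    }
    return 0;
}

/* Returns the transform id for "ikesa enc <name>", or -1 on a config error. */
int ikesa_enc_id(const char *name)
{
    const struct xform *xfs[1] = { lookup_ike_enc(name) };
    int ids[1];
    if (xfs[0] == NULL)         /* log the error, as the parser output above does */
        fprintf(stderr, "%s not a valid transform\n", name);
    return copy_ids(xfs, 1, ids, 1) == 0 ? ids[0] : -1;
}

int main(void)
{
    printf("aes-256 -> %d\n", ikesa_enc_id("aes-256"));
    printf("aes-256-gcm -> %d\n", ikesa_enc_id("aes-256-gcm"));
    return 0;
}
```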