New commits:
commit b087748a142aab2a6eb15d9fe9c2cf90f2ba9db5
Author: Andrew Cagney <[email protected]>
Date: Thu Apr 26 17:10:29 2018 -0400
ikev2: map DH=&ike_alg_dh_none into .st_pfs_group=NULL when accepting
response
In IKEv2, a proposal that contains neither INTEG nor DH transforms can
be valid - in both cases it is interpreted as proposing 'none'. When
this happen, common code expects INTEG = &ike_alg_integ_none and DH =
NULL.
This would all be ok except that there's a bug in the proposal code
when --impair allow-null-none [sic]. The result is a core dump
(INTEG=NULL, oops), and the simplest fix ends up also 'fixing' DH (as
in it will be set to &ike_alg_dh_none instead of NULL).
This patch prevents DH = &ike_alg_dh_none getting into common code.
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
