The function main_inI1_outI1 increments numvidtosend when it calculates what vendor IDs will be sent. It then decrements it when actually sending out those IDs.
Therefore it is paramount that the same condition be used in both cases for a given vendor ID. However, for nat_traversal we end up using different conditions, causing a potential imbalance and crash. This patch fixes it by using the same condition for both. Signed-off-by: Herbert Xu <[email protected]> diff --git a/programs/pluto/ikev1_main.c b/programs/pluto/ikev1_main.c index bc65479..47f4710 100644 --- a/programs/pluto/ikev1_main.c +++ b/programs/pluto/ikev1_main.c @@ -790,7 +790,7 @@ stf_status main_inI1_outR1(struct msg_digest *md) } /* Increase VID counter for NAT-T VID */ - if (nat_traversal_enabled && md->quirks.qnat_traversal_vid != VID_none) { + if (st->hidden_variables.st_nat_traversal != LEMPTY) { DBG(DBG_NATT, DBG_log("nat-t detected, sending nat-t VID")); numvidtosend++; } -- Email: Herbert Xu <[email protected]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
