Yea, my fix is similar except I moved the code to before the switch - this bug really isn't specific to PAM and other XAUTH algorithms need to do the same thing. I'll push my fix.

Andrew

On 19 October 2017 at 15:41, Antony Antony <[email protected]> wrote:

> On Thu, Oct 19, 2017 at 10:38:57AM -0400, Andrew Cagney wrote:
> > where it sends out the AUTH reply (an st_event), and a short while later
> > sends out an XAUTH request (an st_send_xauth_event, recent changes mean it
> > is generated from scratch and doesn't replace the AUTH reply?).
> >
> > With this, the problem I'm seeing is that when the initiator comes back
> > with its XAUTH reply, the responder, in xauth_launch_authent() needs to
> > cancel both the RETRANSMIT and the SEND_XAUTH but it only cancels the first
> > and only when PAM. This lets SEND_XAUTH fire repeatedly and even after PAM
> > finishes and the final reply sent, and its code uses change_state() to
> > bludgeon the state back to XAUTH_R0 resulting in much confusion.
>
> here is a fix that comes to my mind.
> I am hoping this works for aggressive mode and main mode.
>
> -antony
>
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
