On Tue, Nov 25, 2014 at 05:35:19PM +0100, Mike Belopuhov wrote:
[...]
>
> seƱior pedro@ was kind enough to send a potential fix for this.
> this will be commited soon.
>
>
> diff --git sbin/iked/ca.c sbin/iked/ca.c
> index e43b58b..a008f99 100644
> --- sbin/iked/ca.c
> +++ sbin/iked/ca.c
> @@ -534,7 +534,7 @@ ca_reload(struct iked *env)
> X509_OBJECT *xo;
> X509 *x509;
> DIR *dir;
> - int i, len, iovcnt = 2;
> + int i, len, iovcnt = 0;
>
> /*
> * Load CAs
> @@ -620,8 +620,10 @@ ca_reload(struct iked *env)
> env->sc_certreqtype = IKEV2_CERT_X509_CERT;
> iov[0].iov_base = &env->sc_certreqtype;
> iov[0].iov_len = sizeof(env->sc_certreqtype);
> + iovcnt++;
> iov[1].iov_base = ibuf_data(env->sc_certreq);
> iov[1].iov_len = ibuf_length(env->sc_certreq);
> + iovcnt++;
>
> log_debug("%s: loaded %zu ca certificate%s", __func__,
> ibuf_length(env->sc_certreq) / SHA_DIGEST_LENGTH,
> @@ -677,6 +679,8 @@ ca_reload(struct iked *env)
>
> iov[0].iov_base = &env->sc_certreqtype;
> iov[0].iov_len = sizeof(env->sc_certreqtype);
> + if (iovcnt == 0)
> + iovcnt++;
> (void)proc_composev_imsg(&env->sc_ps, PROC_IKEV2, -1,
> IMSG_CERTREQ, -1, iov, iovcnt);
> Welp, with this fix I can't get iked to crash no more, and I did try several times. Looks like pedro@ got things right. Thank you all for your help ! -- Vincent
pgpVpOvEZDU3F.pgp
Description: PGP signature
