[Openswan dev] Re: Fw: [design] improper call of vsnprintf! (fwd)

Paul Wouters paul at xelerance.com
Sun Mar 21 16:26:27 CET 2004

Hugh traced a crasher related to 2.4.25 in freeswan. Openswan needs to address
this issue too.


---------- Forwarded message ----------
Date: Sun, 21 Mar 2004 01:01:25 -0500 (EST)
From: D. Hugh Redelmeier <hugh at mimosa.com>
Cc: FreeS/WAN Design <design at lists.freeswan.org>
To: Marco Berizzi <pupilla at hotmail.com>
Subject: Re: Fw: [design] improper call of vsnprintf!

| Date: Thu, 18 Mar 2004 11:28:03 +0100
| From: Marco Berizzi <pupilla at hotmail.com>

Thanks for this problem report.

I've not done any debugging of KLIPS, but I thought I'd take a look at
what you've found.

| This morning I have seen this new message on my fsw box:
| klips_error:ipsec_xmit_send: ip_send() failed, err=1
| Here is ksymoops:

| Trace; c023c8f9 <vsnprintf+499/4b0>
| Trace; c023c937 <snprintf+27/30>
| Trace; c0212dec <ipsec_lifetime_format+8c/e0>
| Trace; c02132e8 <ipsec_spi_get_info+2b8/8d0>
| Trace; c0125b57 <handle_mm_fault+77/110>
| Trace; c0130bc4 <__alloc_pages+64/290>
| Trace; c012692b <do_mmap_pgoff+3db/5f0>
| Trace; c0156bff <proc_file_read+bf/1c0>
| Trace; c0136763 <sys_read+a3/140>
| Trace; c013e3c9 <sys_fstat64+49/80>
| Trace; c010734f <system_call+33/38>

| improper call of vsnprintf!

| My env: Slackware 9.1 kernel 2.4.25 FreeS/WAN 2.05 + X509 1.5.3

I wonder if we are to trust this traceback.  For now, I'll assume that
we can.

It looks as if userland has done an fstat on /proc/net/ipsec/spi/all
file that KLIPS produces.

Hypothesis: the contents of /proc/net/ipsec/spi/all needs to be
"realized", but only to get its size.  The contents are tossed in the
bit-bucket.  Evidence: the call stack has fstat64.

Hypothesis: the way that stuff is tossed in the bit bucket is that a
null buffer is passed to ipsec_spi_get_info.

Hypothesis: passing a null buffer is new to 2.4.25 (because we've not
seen this error before).

Fact: the string "improper call of vsnprintf!" does not appear in the
source of the kernel that I use (Fedora Core 1's
linux-2.4.22-1.2174.nptl) but it does appear in 2.4.25 (which I just
fetched to figure this out).  vsnprintf in 2.4.25 seems to check for
sanity in a way that previous versions did not.

Fact: ipsec_spi_get_info does not handle a null buffer correctly.

All sprintf calls in KLIPS are suspect.  Most should be turned into
snprintf calls.  The fact that they have not is because 2.2 and 2.0
kernels did not support this, at least as far as /proc code is

This will need to be fixed.  I don't know enough about this to say
whether it will require a fork of the KLIPS code between 2.[02] and

This explains the message "improper call of vsnprintf!" and the oops,
but does not (as far as I know) explain the following:

| klips_error:ipsec_xmit_send: ip_send() failed, err=1
| sending pkt_too_big (len[1500] pmtu[1443]) to self
| sending pkt_too_big (len[1500] pmtu[1443]) to self

Hugh Redelmeier
hugh at mimosa.com  voice: +1 416 482-8253

------------ Output from pgp ------------
Good signature made 2004-03-21 06:01 GMT by key:
  1024 bits, Key ID CC6A7199, Created 1997-10-29
   "D. Hugh Redelmeier <hugh at mimosa.com>"
WARNING: The signing key is not trusted to belong to:
D. Hugh Redelmeier <hugh at mimosa.com>
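
Added example, not part of the original message and not KLIPS code: a userspace C sketch of the pattern the message calls for, a /proc-style formatter that uses bounded vsnprintf calls and tolerates a NULL buffer on a size-only pass. The names out_printf and format_sa_line and the output format are hypothetical, and the sample values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cursor over a caller-supplied buffer; buf may be NULL. */
struct outbuf {
    char  *buf;   /* destination, or NULL for a size-only pass */
    size_t cap;   /* bytes available in buf */
    size_t need;  /* bytes the full output requires, excluding the NUL */
};

/* Append formatted text without writing past cap or through NULL. */
static void out_printf(struct outbuf *o, const char *fmt, ...)
{
    va_list ap;
    char *dst = NULL;
    size_t room = 0;
    int n;

    if (o->buf != NULL && o->need < o->cap) {
        dst = o->buf + o->need;      /* continue where the last call ended */
        room = o->cap - o->need;     /* never more than what is left */
    }
    va_start(ap, fmt);
    n = vsnprintf(dst, room, fmt, ap);  /* C99: (NULL, 0) only measures */
    va_end(ap);
    if (n > 0)
        o->need += (size_t)n;
}

/* Constructed stand-in for one line of a /proc listing. */
static size_t format_sa_line(char *buf, size_t cap,
                             unsigned spi, unsigned long bytes)
{
    struct outbuf o = { buf, cap, 0 };

    out_printf(&o, "spi=0x%x", spi);
    out_printf(&o, " bytes=%lu\n", bytes);
    return o.need;  /* caller compares with cap to detect truncation */
}

int main(void)
{
    char line[64];
    size_t need = format_sa_line(NULL, 0, 0x1234, 1500);  /* size only */
    size_t got = format_sa_line(line, sizeof line, 0x1234, 1500);

    printf("need=%zu got=%zu len=%zu text=%s", need, got, strlen(line), line);
    return 0;
}
```

A return value greater than or equal to cap means the output was truncated; the buffer is still NUL-terminated in that case.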
