[Openswan dev] problems with clear-or-private food group

Michael Richardson mcr at sandelman.ottawa.on.ca
Wed Apr 18 23:42:22 EDT 2007




There is some problem in programs/pluto/connections.c where a connection
gets matched into a clear-or-private food group incorrectly.
This seems to affect 2.4.6, 2.4.7, 2.4.8 and 2.5.10.

It probably affects previous versions as well.

We will have to create some sensible unit testing for the
find_connection..() code.

When the connection gets matched wrong, the DNS request fails for it,
and this does some memory damage to the state table, resulting in a
failure.

For the moment, the solution is to never put anything into the
clear-or-private food group.  If you need that functionality, write
an explicit conn that is "auto=add".

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [





