[Openswan dev] LEAK_DETECTIVE hits passert()

D. Hugh Redelmeier hugh at mimosa.com
Thu Dec 2 12:46:27 EST 2010


| From: Tuomo Soini <tis at foobar.fi>

| with ElectricFence pluto won't even startup with my config :-)
| 
| #0  0x00002b13df8d2ceb in osw_alias_cmp (needle=0x7fff5a71acf0 "bcg/2x0",
|     haystack=0x2aaaaab1cffc "bcg")
|     at /builddir/build/BUILD/openswan-2.6.32rc3/lib/libwhack/aliascomp.c:50

osw_alias_cmp has a bug.

                s += nlen;
                while(*s!='\0' && *s!=' ' && *s!='\t') s++;

should be something like (UNTESTED):

        for (;;) {
            s++;
            if (*s == '\0')
                break;	/* or return FALSE: we're done */
            if (*s == ' ' || *s == '\t') {
                /* at whitespace: start next scan right after */
                s++;
                break;
            }
        }

Why?  We should advance in s to the next possible match.  That is not
nlen characters hence, but only 1 character hence.  And then we should
start the attempt AFTER the next whitespace character, not at it.

So this code has probably never found a match that didn't start at
offset 0 in haystack.  Why?  Because every search after the first
starts looking at a whitespace character and that cannot match.

But the actual bug that caused the dump is that the remainder of haystack might not
even be nlen long, so the scan of s may skip the NUL at the end.

Does that mean that the scan is redundant?
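An added example illustrating the corrected scan described above. This is not Openswan's osw_alias_cmp and not Hugh's patch; it is a hypothetical re-implementation of the same token search (needle against whitespace-separated tokens of haystack) written so that the scan never steps past the terminating NUL and so that tokens at offsets greater than 0 are actually tried.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical alias matcher, not Openswan's code.
 * Returns true when needle equals one complete token of haystack,
 * where tokens are separated by ' ' or '\t'.
 * Two properties the original lacked:
 *  1. the scan advances only to the next separator and stops at NUL,
 *     so a haystack remainder shorter than nlen cannot be overrun;
 *  2. the next attempt starts right AFTER the separator, so matches
 *     that do not begin at offset 0 are found. */
bool alias_match(const char *needle, const char *haystack)
{
    size_t nlen = strlen(needle);
    const char *s = haystack;

    if (nlen == 0)
        return false;

    for (;;) {
        /* candidate token starts at s; strncmp stops at NUL, so this
         * comparison cannot read past the end of haystack */
        if (strncmp(s, needle, nlen) == 0 &&
            (s[nlen] == '\0' || s[nlen] == ' ' || s[nlen] == '\t'))
            return true;

        /* advance one character at a time to the next separator;
         * never skip nlen bytes blindly */
        while (*s != '\0' && *s != ' ' && *s != '\t')
            s++;
        if (*s == '\0')
            return false;        /* end of haystack: no token matched */
        s++;                     /* step over the separator; next token here */
    }
}
```

The crash case from the trace (needle "bcg/2x0", haystack "bcg") is simply a non-match here: the remainder is shorter than nlen, and the scan stops at the NUL instead of jumping over it.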
