[Openswan dev] LEAK_DETECTIVE hits passert()
D. Hugh Redelmeier
hugh at mimosa.com
Thu Dec 2 12:46:27 EST 2010
| From: Tuomo Soini <tis at foobar.fi>
| with ElectricFence pluto won't even startup with my config :-)
|
| #0 0x00002b13df8d2ceb in osw_alias_cmp (needle=0x7fff5a71acf0 "bcg/2x0",
| haystack=0x2aaaaab1cffc "bcg")
| at /builddir/build/BUILD/openswan-2.6.32rc3/lib/libwhack/aliascomp.c:50
osw_alias_cmp has a bug.
    s += nlen;
    while(*s!='\0' && *s!=' ' && *s!='\t') s++;
should be something like (UNTESTED):
    for (;;) {
        s++;
        if (*s == '\0')
            break;	/* or return FALSE: we're done */
        if (*s == ' ' || *s == '\t') {
            /* at whitespace: start next scan right after */
            s++;
            break;
        }
    }
Why? We should advance in s to the next possible match. That is not
nlen characters hence, but only 1 character hence. And then we should
start the attempt AFTER the next whitespace character, not at it.
So this code has probably never found a match that didn't start at
offset 0 in haystack. Why? Because every search after the first
starts looking at a whitespace character and that cannot match.
But the actual bug that caused the dump is that the remainder of haystack might not
even be nlen long, so the scan of s may skip the NUL at the end.
Does that mean that the scan is redundant?
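An added example, not code from the thread or from openswan: a whole-word alias match written in the shape the post implies (attempt a match at each word start, then advance), with the advance step done one byte at a time and resuming after the separator run, plus an arithmetic check of how far the original `s += nlen` lands past the NUL for the crashing inputs. The function names and the skipping of repeated separators are my assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A byte that ends an alias word: NUL, space or tab. */
static bool is_sep(char c)
{
    return c == '\0' || c == ' ' || c == '\t';
}

/* Does needle occur as a whole, separator-delimited word in haystack?
 * Assumed reconstruction of the routine's shape, not openswan's code. */
bool alias_cmp_fixed(const char *needle, const char *haystack)
{
    size_t nlen = strlen(needle);
    const char *s = haystack;

    while (*s != '\0') {
        /* strncmp stops at the first mismatch or NUL, so it never reads
         * past the end of a haystack shorter than nlen. */
        if (strncmp(s, needle, nlen) == 0 && is_sep(s[nlen]))
            return true;

        /* Advance one byte at a time to the end of this word, never by
         * nlen, so the terminating NUL cannot be jumped over ... */
        while (!is_sep(*s))
            s++;
        /* ... then past the run of separators, so the next attempt starts
         * at a word boundary rather than on the separator itself. */
        while (*s == ' ' || *s == '\t')
            s++;
    }
    return false;
}

/* How many bytes past haystack's NUL the original "s += nlen" would land
 * after a failed attempt at offset pos (0 means still inside the string).
 * Pure arithmetic, nothing is dereferenced. */
size_t overrun_after_skip(const char *needle, const char *haystack, size_t pos)
{
    size_t hlen = strlen(haystack);
    size_t land = pos + strlen(needle);
    return land > hlen ? land - hlen : 0;
}

int main(void)
{
    /* Constructed inputs taken from the backtrace in the thread. */
    printf("match: %d\n", alias_cmp_fixed("bcg/2x0", "bcg"));
    printf("overrun: %zu\n", overrun_after_skip("bcg/2x0", "bcg", 0));
    return 0;
}
```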