[Openswan dev] [PATCH] Safety check to send_packet() in server.c to prevent segfault.

Michael H. Warfield mhw at WittsEnd.com
Sat Mar 13 11:14:38 EST 2010 

Grrr...

Two in a row following up on my own patches.

Please ignore previous patch.  It would work perfectly fine, but, in my
haste, I used the wrong logging function (log_errno when errno is
irrelevant) and it shouldn't have only been verbose.  Fixed to use
loglog and RC_LOG_SERIOUS like orient() does.

New patch attached.  Sorry about that...

Mike

On Sat, 2010-03-13 at 10:53 -0500, Michael H. Warfield wrote: 
> Hey all!
> 
> I seem to have managed to find a way to confuse pluto just by "auto --up
> conn" followed later by "auto --down conn" followed later by "auto --up
> conn" again.  At that point, orient() is confused and claims that both
> ends are on our interface and pluto then segfaults in send_packet() in
> server.c when it tries to dereference a NULL pointer for the interface
> that was NULLed but orient().
> 
> There are obviously 3 problems here.
> 
> 1) orient() is confused.  The internal spd database seems to be in a bad
> unrecoverable state and orient() can't figure out which end is up.
> 
> 2) The connection attempt is allowed to continue even after orient()
> fails.
> 
> 3) send_packet() doesn't check if the interface is NULL before trying to
> dereference it and segfaults.
> 
> This patch addresses point number 3 and only point number 3.  It adds a
> safety check to send_packet to make sure the interface is not NULL and
> fails if it is.  No more segfault.
> 
> What then happens is that the connection errors but continues to retry
> as if it had timed out, retrying in 20s and then 40s, etc, etc.  Ok...
> That recurses back to problem #2.  But if this can happen in this one
> case, there's always the possibility of another somewhere so this safety
> should be needed even after fixing the other two, so this one goes
> first.
> 
> Regards,
> Mike

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openswan-2.6.24-send-packet-safety.diff
Type: text/x-patch
Size: 766 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20100313/6b973305/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20100313/6b973305/attachment-0001.bin

More information about the Dev mailing list