[Openswan dev] eclipsed() function severely broken
Paul Wouters
paul at xelerance.com
Tue Aug 9 12:26:23 EDT 2011
Avesh pointed out this function:
struct connection *
eclipsed(struct connection *c, struct spd_route **esrp)
{
    struct connection *ue;
    struct spd_route *sr1 = &c->spd;

    ue = NULL;

    while (sr1 != NULL && ue != NULL)
    {
        for (ue = connections; ue != NULL; ue = ue->ac_next)
        {
            struct spd_route *srue = &ue->spd;

            while (srue != NULL
                   && srue->routing == RT_ROUTED_ECLIPSED
                   && !(samesubnet(&sr1->this.client, &srue->this.client)
                        && samesubnet(&sr1->that.client, &srue->that.client)))
            {
                srue = srue->next;
            }
            if (srue != NULL && srue->routing==RT_ROUTED_ECLIPSED)
            {
                *esrp = srue;
                break;
            }
        }
    }
    return ue;
}
It has several issues.
For one, the outer while loop never runs because ue == NULL.
Second, even if we remove that condition, we have a while loop that runs
if sr1 != NULL, but sr1 (or c->spd) is never changed in the loop. So we'd
end up with an infinite loop.
Michael: Could this be related to our co-terminal issue?
I think this is meant, but I'd like to have some more eyeballs look at it:
struct connection *
eclipsed(struct connection *c, struct spd_route **esrp)
{
    struct connection *ue;
    struct spd_route *sr1 = &c->spd;

    if (sr1 == NULL) return NULL;

    ue = NULL;

    for (ue = connections; ue != NULL; ue = ue->ac_next)
    {
        struct spd_route *srue = &ue->spd;

        while (srue != NULL
               && srue->routing == RT_ROUTED_ECLIPSED
               && !(samesubnet(&sr1->this.client, &srue->this.client)
                    && samesubnet(&sr1->that.client, &srue->that.client)))
        {
            srue = srue->next;
        }
        if (srue != NULL && srue->routing==RT_ROUTED_ECLIPSED)
        {
            *esrp = srue;
            break;
        }
    }
    return ue;
}
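
The two loop shapes from the message above, exercised on constructed data in a stand-alone harness. This is an added example, not part of the original post and not Openswan code. The int-valued subnets, the cut-down structs, the scan() helper and the names eclipsed_posted, eclipsed_proposed and demo are assumptions made for illustration. The third case also shows what the posted inner loop does when a connection's first spd_route is not RT_ROUTED_ECLIPSED.

```c
#include <stdio.h>

/* Simplified stand-ins for Openswan's types (assumptions): a subnet is one int. */
enum routing { RT_UNROUTED, RT_ROUTED_ECLIPSED };
struct spd_route { struct spd_route *next; struct { int client; } this, that; enum routing routing; };
struct connection { struct spd_route spd; struct connection *ac_next; };
static struct connection *connections;
static int samesubnet(const int *a, const int *b) { return *a == *b; }

/* Inner scan as posted, factored into a hypothetical helper. */
static struct spd_route *scan(struct spd_route *sr1, struct connection *ue) {
    struct spd_route *srue = &ue->spd;
    while (srue != NULL && srue->routing == RT_ROUTED_ECLIPSED
           && !(samesubnet(&sr1->this.client, &srue->this.client)
                && samesubnet(&sr1->that.client, &srue->that.client)))
        srue = srue->next;
    return (srue != NULL && srue->routing == RT_ROUTED_ECLIPSED) ? srue : NULL;
}

/* Outer loop as originally posted: ue starts NULL, so the body is dead code. */
static struct connection *eclipsed_posted(struct connection *c, struct spd_route **esrp) {
    struct connection *ue = NULL;
    struct spd_route *sr1 = &c->spd, *m;
    while (sr1 != NULL && ue != NULL)
        for (ue = connections; ue != NULL; ue = ue->ac_next)
            if ((m = scan(sr1, ue)) != NULL) { *esrp = m; break; }
    return ue;
}

/* Proposed shape: a single pass over the connection list. */
static struct connection *eclipsed_proposed(struct connection *c, struct spd_route **esrp) {
    struct connection *ue;
    struct spd_route *sr1 = &c->spd, *m;
    for (ue = connections; ue != NULL; ue = ue->ac_next)
        if ((m = scan(sr1, ue)) != NULL) { *esrp = m; break; }
    return ue;
}

/* Constructed data: 1 if the lookup returns connection a and its 10->20 route. */
static int demo(int proposed, int head_eclipsed) {
    static struct spd_route tail = { NULL, {10}, {20}, RT_ROUTED_ECLIPSED };
    static struct connection a = { { &tail, {10}, {99}, RT_UNROUTED }, NULL };
    struct connection c = { { NULL, {10}, {20}, RT_UNROUTED }, NULL }, *ue;
    struct spd_route *esr = NULL;
    a.spd.routing = head_eclipsed ? RT_ROUTED_ECLIPSED : RT_UNROUTED;
    connections = &a;
    ue = proposed ? eclipsed_proposed(&c, &esr) : eclipsed_posted(&c, &esr);
    return ue == &a && esr == &tail;
}
int main(void) { printf("%d %d %d\n", demo(0, 1), demo(1, 1), demo(1, 0)); return 0; }
```

The arguments to demo() select the loop shape and whether the head route of the listed connection is eclipsed; in the last case the scan stops at the non-eclipsed head and never reaches the matching eclipsed route behind it.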