[Openswan dev] eclipsed() function severely broken

Paul Wouters paul at xelerance.com
Tue Aug 9 12:26:23 EDT 2011


Avesh pointed out this function:

struct connection *
eclipsed(struct connection *c, struct spd_route **esrp)
{
     struct connection *ue;
     struct spd_route *sr1 = &c->spd;

     ue = NULL;

     while (sr1 != NULL && ue != NULL)
     {
         for (ue = connections; ue != NULL; ue = ue->ac_next)
         {
             struct spd_route *srue = &ue->spd;

             while (srue != NULL
             && srue->routing == RT_ROUTED_ECLIPSED
             && !(samesubnet(&sr1->this.client, &srue->this.client)
                  && samesubnet(&sr1->that.client, &srue->that.client)))
             {
                 srue = srue->next;
             }
             if (srue != NULL && srue->routing==RT_ROUTED_ECLIPSED)
             {
                 *esrp = srue;
                 break;
             }
         }
     }
     return ue;
}

It has several issues.

For one, the outer while loop never runs because ue == NULL.

Second, even if we remove that condition, we have a while loop that runs
if sr1 != NULL, but sr1 (or c->spd) is never changed in the loop. So we'd
end up with an infinite loop.

Michael: Could this be related to our co-terminal issue?

I think this is meant, but I'd like to have some more eyeballs look at it:

struct connection *
eclipsed(struct connection *c, struct spd_route **esrp)
{
     struct connection *ue;
     struct spd_route *sr1 = &c->spd;

     if (sr1 == NULL) return NULL;

     ue = NULL;

     for (ue = connections; ue != NULL; ue = ue->ac_next)
         {
             struct spd_route *srue = &ue->spd;

             while (srue != NULL
             && srue->routing == RT_ROUTED_ECLIPSED
             && !(samesubnet(&sr1->this.client, &srue->this.client)
                  && samesubnet(&sr1->that.client, &srue->that.client)))
             {
                 srue = srue->next;
             }
             if (srue != NULL && srue->routing==RT_ROUTED_ECLIPSED)
             {
                 *esrp = srue;
                 break;
             }
         }

     return ue;
}
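
The dead outer loop described above, next to a single-pass search, as an added example that is not part of the original post and is not Openswan code. The struct definitions, integer "subnets", the match() helper and the sample connections are stand-ins constructed here; the helper checks every route in a connection's chain, which is a choice of this example.

```c
#include <stddef.h>
/* Stand-in types (assumptions): only the fields read here; a subnet is an int. */
enum routing_t { RT_UNROUTED, RT_ROUTED_ECLIPSED };
struct end { int client; };
struct spd_route { struct spd_route *next; struct end this, that; enum routing_t routing; };
struct connection { struct spd_route spd; struct connection *ac_next; };

/* Constructed sample: old_conn owns an eclipsed 10->20 route behind a 1->2 one. */
static struct spd_route old_second = { NULL, {10}, {20}, RT_ROUTED_ECLIPSED };
static struct connection old_conn = { { &old_second, {1}, {2}, RT_UNROUTED }, NULL };
static struct connection new_conn = { { NULL, {10}, {20}, RT_UNROUTED }, NULL };
static struct connection *connections = &old_conn;
static int samesubnet(const int *a, const int *b) { return *a == *b; }

/* Hypothetical helper: first eclipsed route of ue with sr1's client pair, or NULL. */
static struct spd_route *match(struct spd_route *sr1, struct connection *ue)
{
    for (struct spd_route *s = &ue->spd; s != NULL; s = s->next)
        if (s->routing == RT_ROUTED_ECLIPSED
            && samesubnet(&sr1->this.client, &s->this.client)
            && samesubnet(&sr1->that.client, &s->that.client))
            return s;
    return NULL;
}

/* Loop header as posted: ue is NULL on entry, so the search never executes. */
struct connection *eclipsed_as_posted(struct connection *c, struct spd_route **esrp)
{
    struct connection *ue = NULL;
    struct spd_route *sr1 = &c->spd, *m;
    while (sr1 != NULL && ue != NULL)
        for (ue = connections; ue != NULL; ue = ue->ac_next)
            if ((m = match(sr1, ue)) != NULL) { *esrp = m; break; }
    return ue;
}

/* One pass over the connection list; returns the connection owning the match. */
struct connection *eclipsed_single_pass(struct connection *c, struct spd_route **esrp)
{
    for (struct connection *ue = connections; ue != NULL; ue = ue->ac_next) {
        struct spd_route *m = match(&c->spd, ue);
        if (m != NULL) { *esrp = m; return ue; }
    }
    return NULL;
}
int main(void)
{
    struct spd_route *sr = NULL;
    return eclipsed_single_pass(&new_conn, &sr) == &old_conn && sr == &old_second ? 0 : 1;
}
```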



