[Openswan Users] Pluto restart caused by incoming packet possible DOS

Paul Wouters paul at xelerance.com
Thu Apr 30 19:27:04 EDT 2009


On Thu, 30 Apr 2009, Erich Titl wrote:

>>> Apr 30 08:57:27 gatekeeper-internal pluto[1143]: FATAL ERROR: packet
>>> from 80.238.212.245:47156: unable to malloc 0 bytes for message buffer
>>> in comm_handle()
>>
>> Are you sure your server did not just leak memory and run out of RAM?
>> That's what the error implies.
>
> The server definitely did not run out of memory, I am running cacti
> against it and the graph does not show anything alike. Also these
> servers typically run 7x24 for months and years with many tunnels open
> and I never saw anything alike.

Well, check the code...

void
comm_handle(const struct iface_port *ifp)
{
     static struct msg_digest *md;

     md = alloc_md();

Note that nothing of the packet is actually used here, and you crashed.
You did not crash on a malicious packet, you crashed due to an internal
problem.

But without a core file or other data, there is not much to post mortem
on.

Paul

