I was testing labeled ipsec/racoon between an x86_64 host running 64-bit applications
and a ppc64 host running 32-bit applications, and racoon segfaulted when setting
the security context from the other side into the proposal.
The security_ctx->ctx_strlen field, which is a u_int16_t, was not being handled
properly.
I have attached the segfault as well as the fix. I have tested the fix
between 32-bit and 64-bit and between 32-bit and 32-bit. I plan to also test 64-bit to 64-bit.
Please let me know if the patch is ok.
Regards,
Joy
segfault:
2007-03-15 10:23:34: INFO: begin Identity Protection mode.
2007-03-15 10:23:34: INFO: received Vendor ID: DPD
2007-03-15 10:23:34: INFO: ISAKMP-SA established
9.3.189.55[500]-9.3.190.213[500] spi:f17051385870af9d:67b9d401e8ce2e0a
2007-03-15 10:23:35: INFO: respond new phase 2 negotiation:
9.3.189.55[0]<=>9.3.190.213[0]
Program received signal SIGSEGV, Segmentation fault.
0x0fec7354 in _wordcopy_fwd_aligned () from /lib/libc.so.6
(gdb) where
#0 0x0fec7354 in _wordcopy_fwd_aligned () from /lib/libc.so.6
#1 0x0fec7270 in memcpy () from /lib/libc.so.6
#2 0x100423e4 in set_secctx_in_proposal (iph2=<value optimized out>, spidx=
{dir = 2 '\002', src = {ss_family = 2, __ss_align = 151239991,
__ss_padding = '\0' <repeats 119 times>}, dst = {ss_family = 2, __ss_align =
151240405, __ss_padding = '\0' <repeats 119 times>}, prefs = 32 ' ', prefd = 32
' ', ul_proto = 255, priority = 0, sec_ctx = {ctx_doi = 1 '\001', ctx_alg = 1
'\001', ctx_strlen = 10752, ctx_str =
"ealuser_u:sysadm_r:ping_t:s0-s15:c0.c1023\000\000\000\000\000\000\000\000"}})
at security.c:170
#3 0x10013fb0 in quick_r1recv (iph2=0x1008b530, msg0=0x1008b9f8)
at isakmp_quick.c:2133
#4 0x22000482 in ?? ()
#5 0x10009140 in isakmp_ph2begin_r (iph1=0x1008a178, msg=0x1008b9f8)
at isakmp.c:1298
in isakmp_main (msg=0x1008b9f8, remote=0xfd44e73c,
local=0xfd44e7bc) at isakmp.c:652
#7 0x1000a9ac in isakmp_handler (so_isakmp=<value optimized out>)
at isakmp.c:359
#8 0x10004c3c in session () at session.c:211
#9 0x100044ac in main (ac=4, av=<value optimized out>) at main.c:247
(gdb)
diff -urpN ipsec-tools-0.6.5.orig/src/racoon/ipsec_doi.c
ipsec-tools-0.6.5.patch/src/racoon/ipsec_doi.c
--- ipsec-tools-0.6.5.orig/src/racoon/ipsec_doi.c 2007-03-15
14:10:01.000000000 -0500
+++ ipsec-tools-0.6.5.patch/src/racoon/ipsec_doi.c 2007-03-15
14:19:43.000000000 -0500
@@ -3063,8 +3063,11 @@ setph2proposal0(iph2, pp, pr)
#ifdef HAVE_SECCTX
if (*pp->sctx.ctx_str) {
+ struct security_ctx secctx;
+ secctx = pp->sctx;
+ secctx.ctx_strlen = htons(pp->sctx.ctx_strlen);
x = isakmp_set_attr_v(x, IPSECDOI_ATTR_SECCTX,
- (caddr_t)&pp->sctx, truectxlen);
+ (caddr_t)&secctx, truectxlen);
}
#endif
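Review bot: The copy-and-swap on the two added lines would read better as a single initialized declaration, `struct security_ctx secctx = pp->sctx;`, followed by the `htons` line, and the reason for the local copy deserves a comment since it is not obvious from the code, e.g. `/* ctx_strlen travels on the wire in network byte order; convert a copy so pp->sctx keeps host order. */`. Whether `truectxlen` is derived from the host-order `ctx_strlen` is not visible here, since it is computed outside the hunk, so it is worth confirming it is not re-read from the swapped copy. setph2proposal0's body starts and continues outside the hunk.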
@@ -4189,6 +4192,7 @@ ipsecdoi_t2satrns(t, pp, pr, tr)
{
int len = ntohs(d->lorv);
memcpy(&pp->sctx, d + 1, len);
+ pp->sctx.ctx_strlen = ntohs(pp->sctx.ctx_strlen);
break;
}
#endif
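Review bot: The added `ntohs` conversion leaves `pp->sctx.ctx_strlen` as a peer-supplied value that is never checked against the size of `ctx_str`, and the trace in this message shows that length being used as a `memcpy` count in set_secctx_in_proposal, so a byte-swapped but still oversized value would reach the same crash. A bound such as `if (pp->sctx.ctx_strlen > sizeof pp->sctx.ctx_str) /* reject the transform */` belongs right after the conversion, using whatever error path ipsecdoi_t2satrns uses for malformed attributes. The `len` used by the preceding `memcpy` into `pp->sctx` is likewise not compared with `sizeof pp->sctx` inside this hunk, so that check may also be missing unless it happens earlier in the function, which starts outside the hunk. The same applies to the `p->sec_ctx.ctx_strlen` conversion in the security.c hunk of get_security_context, where `lorv` is used as the copy length.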
diff -urpN ipsec-tools-0.6.5.orig/src/racoon/security.c
ipsec-tools-0.6.5.patch/src/racoon/security.c
--- ipsec-tools-0.6.5.orig/src/racoon/security.c 2007-03-15
14:10:01.000000000 -0500
+++ ipsec-tools-0.6.5.patch/src/racoon/security.c 2007-03-15
14:19:31.000000000 -0500
@@ -153,6 +153,7 @@ get_security_context(sa, p)
return -1;
}
memcpy(&p->sec_ctx, d + 1, lorv);
+ p->sec_ctx.ctx_strlen = ntohs(p->sec_ctx.ctx_strlen);
return 0;
}
}