Top posting just for context. This sounds like the kind of thing that efence would catch.
I think that efence would not significantly increase the runtime of our test suite (this needs to be verified). It would significantly improve the chance of catching errors like this. It is true that we had a pool of unused mds to reduce the pressure on malloc. That would mean that efence would be ineffective for most mds. I think that Andrew removed this pool. In any case, there was a compile-time flag to remove it. Recommendation: enable efence in test suite.

| From: Andrew Cagney <[email protected]>
| To: [email protected]
|
| New commits:
| commit 52138cfdf3e6b2c386833e45117895c7cf4f2109
| Author: Andrew Cagney <[email protected]>
| Date: Mon Jan 15 10:51:25 2018 -0500
|
| ikev2: add debug-log to show a use-after-free
|
| If the initial initiator receives an MD containing INVALID_KE
| it deletes the MD, and then kicks off a new KE calculation
| passing that a fake-md.
|
| Problem is in complete_v2_state_transition() which gets passed
| a reference to the original, and now deleted MD and then tries
| to use that to find ST. Just by luck, the fake_md, gets allocated
| the same location as the deleted MD.

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
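The sequence in the quoted commit message (release the MD, allocate a fake MD that lands in the same slot, then have the state transition look up ST through the stale pointer) is the classic shape of a latent use-after-free: the allocator hands the freed block straight back, so the stale read returns plausible data and nothing crashes. The C below is an added illustration, not libreswan code; `struct msg_digest`, `release_md`, `lookup_state_serial` and the serial numbers are constructed stand-ins. It contrasts a release function that takes the pointer by value (the caller's copy dangles) with one that takes the caller's pointer by reference, poisons the block and clears the reference, so the later lookup fails on NULL instead of reading reused memory. A second function shows why the original bug was luck-dependent by checking whether the freed slot is reused.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the message digest passed through the
 * IKEv2 state machine; the real structure is far larger. */
struct msg_digest {
    unsigned st_serial;   /* serial of the state this message belongs to */
    int fake;             /* 1 for the placeholder md used to restart KE */
};

static struct msg_digest *alloc_md(unsigned serial, int fake) {
    struct msg_digest *md = calloc(1, sizeof *md);
    if (md == NULL) abort();
    md->st_serial = serial;
    md->fake = fake;
    return md;
}

/* Buggy shape: the pointer is passed by value, so every other copy of it
 * (such as the reference held by the state-transition code) dangles. */
static void release_md_by_value(struct msg_digest *md) {
    free(md);
}

/* Hardened shape: takes the caller's pointer by reference, poisons the
 * block so stale reads are obviously garbage, frees it, and clears the
 * caller's copy so a later use is a NULL check rather than a silent UAF. */
static void release_md(struct msg_digest **mdp) {
    if (*mdp != NULL) {
        memset(*mdp, 0xA5, sizeof **mdp);
        free(*mdp);
        *mdp = NULL;
    }
}

/* Stand-in for "use the MD to find ST": -1 means the md is unusable. */
static int lookup_state_serial(const struct msg_digest *md) {
    if (md == NULL) return -1;
    return (int)md->st_serial;
}

/* The INVALID_KE sequence with the hardened API: release the original md,
 * allocate the fake md (which may well reuse the same address), then let
 * the transition look ST up through the original reference. */
static int transition_after_invalid_ke(void) {
    struct msg_digest *md = alloc_md(7, 0);
    release_md(&md);                     /* md is now NULL, not dangling */
    struct msg_digest *fake_md = alloc_md(7, 1);
    int r = lookup_state_serial(md);     /* -1: refused, never dereferenced */
    release_md(&fake_md);
    return r;
}

/* Why the bug was latent: returns 1 when the allocator hands the fake md
 * the very address the freed md occupied. Only the address is compared;
 * the freed block is never dereferenced. */
static int freed_slot_was_reused(void) {
    struct msg_digest *md = alloc_md(7, 0);
    uintptr_t old = (uintptr_t)md;
    release_md_by_value(md);             /* md dangles from here on */
    struct msg_digest *fake_md = alloc_md(7, 1);
    int reused = (uintptr_t)fake_md == old;
    free(fake_md);
    return reused;
}

int main(void) {
    printf("lookup through cleared reference: %d\n", transition_after_invalid_ke());
    printf("freed slot reused by fake md:     %d\n", freed_slot_was_reused());
    return 0;
}
```

On a typical glibc build `freed_slot_was_reused()` reports 1, which is exactly the "just by luck" reuse the commit message describes. Electric Fence makes each freed block inaccessible, but by default it also keeps freed blocks on a free list for reuse, so a reallocation of the same size can make the block accessible again before the stale read happens; setting `EF_PROTECT_FREE=1` when linking with `-lefence` keeps freed memory permanently protected, which is the mode that turns this particular sequence into an immediate fault.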
