Current-Users archive


Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?



Hi,

Thus wrote VANHULLEBUS Yvan (vanhu%free.fr@localhost):

> On Sun, Oct 26, 2008 at 12:31:21PM +0100, S.P.Zeidler wrote:

[...]

> > And also that you may get 'racoon: stack overflow detected; terminated'
> > when using racoon -F -d and IPv6 at the same time? The latter is
> > restricted to the debug mode, just racoon -F doesn't go splat.
> 
> Definitely looks like a bug :-)
> 
> Can you provide us more informations about that (a backtrace, some
> more logs, etc...) ?

Opposition against committing the following?

--- snip ---
Index: ipsec_doi.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c,v
retrieving revision 1.36
diff -u -r1.36 ipsec_doi.c
--- ipsec_doi.c 14 Jul 2008 05:45:15 -0000      1.36
+++ ipsec_doi.c 29 Oct 2008 12:13:07 -0000
@@ -4486,7 +4486,7 @@
        char *dat;
        static char buf[BUFLEN];
        struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v;
-       struct sockaddr saddr;
+       struct sockaddr_storage saddr;
        u_int plen = 0;
 
        switch (id_b->type) {
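Review bot: `saddr` is declared without an initializer, and the later hunks fill in only the length, family, port, address and (for IPv6) scope id, so the remaining bytes, `sin6_flowinfo` among them, are whatever was on the stack when the structure is handed to `saddrwop2str()`. Whether that helper reads those bytes is not visible here. Adding `memset(&saddr, 0, sizeof(saddr));` before the `switch` would zero every unset field and make the hand-written `sin6_scope_id` assignment unnecessary. The function body starts and ends outside this hunk.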
@@ -4495,9 +4495,9 @@
        case IPSECDOI_ID_IPV4_ADDR_RANGE:
 
 #ifndef __linux__
-               saddr.sa_len = sizeof(struct sockaddr_in);
+               ((struct sockaddr *)&saddr)->sa_len = sizeof(struct 
sockaddr_in);
 #endif
-               saddr.sa_family = AF_INET;
+               ((struct sockaddr *)&saddr)->sa_family = AF_INET;
                ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY;
                memcpy(&((struct sockaddr_in *)&saddr)->sin_addr,
                        id->v + sizeof(*id_b), sizeof(struct in_addr));
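Review bot: The cast `((struct sockaddr *)&saddr)` is now spelled out on every line that touches `sa_len` or `sa_family`, and again at each `saddrwop2str()` call in the later hunks, which makes those lines long enough to be wrapped in this message. A single local declared next to `saddr`, `struct sockaddr *sa = (struct sockaddr *)&saddr;`, would let these lines read `sa->sa_family = AF_INET;` and `saddrwop2str(sa)`. The enclosing case block starts outside this hunk.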
@@ -4508,12 +4508,16 @@
        case IPSECDOI_ID_IPV6_ADDR_RANGE:
 
 #ifndef __linux__
-               saddr.sa_len = sizeof(struct sockaddr_in6);
+               ((struct sockaddr *)&saddr)->sa_len = sizeof(struct 
sockaddr_in6);
 #endif
-               saddr.sa_family = AF_INET6;
+               ((struct sockaddr *)&saddr)->sa_family = AF_INET6;
                ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY;
                memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr,
                        id->v + sizeof(*id_b), sizeof(struct in6_addr));
+               ((struct sockaddr_in6 *)&saddr)->sin6_scope_id =
+                       (IN6_IS_ADDR_LINKLOCAL(&((struct sockaddr_in6 
*)&saddr)->sin6_addr)
+                               ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id
+                               : 0);
                break;
 #endif
        }
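Review bot: The new `sin6_scope_id` assignment reads `((struct sockaddr_in6 *)id_b)->sin6_scope_id`, but `id_b` points at `id->v`, and the `memcpy` just above takes the address bytes from `id->v + sizeof(*id_b)`, so that buffer is a payload header followed by a raw address, not a `sockaddr_in6`. The cast therefore picks up unrelated payload bytes at that field's offset, and for a payload carrying a single address the offset may lie past the end of the buffer (the payload length is not visible in this hunk). Nothing in the payload as used here appears to carry a scope id, so `((struct sockaddr_in6 *)&saddr)->sin6_scope_id = 0;` is the safe value. The same assignment is repeated in the IPv6 range case of the last hunk, and the enclosing switch starts outside this hunk.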
@@ -4523,7 +4527,7 @@
 #ifdef INET6
        case IPSECDOI_ID_IPV6_ADDR:
 #endif
-               len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr));
+               len = snprintf( buf, BUFLEN, "%s", saddrwop2str((struct 
sockaddr *)&saddr));
                break;
 
        case IPSECDOI_ID_IPV4_ADDR_SUBNET:
@@ -4579,42 +4583,46 @@
                        plen += l;
                }
 
-               len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), 
plen);
+               len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str((struct 
sockaddr *)&saddr), plen);
            }
                break;
 
        case IPSECDOI_ID_IPV4_ADDR_RANGE:
 
-               len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr));
+               len = snprintf( buf, BUFLEN, "%s-", saddrwop2str((struct 
sockaddr *)&saddr));
 
 #ifndef __linux__
-               saddr.sa_len = sizeof(struct sockaddr_in);
+               ((struct sockaddr *)&saddr)->sa_len = sizeof(struct 
sockaddr_in);
 #endif
-               saddr.sa_family = AF_INET;
+               ((struct sockaddr *)&saddr)->sa_family = AF_INET;
                ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY;
                memcpy(&((struct sockaddr_in *)&saddr)->sin_addr,
                        id->v + sizeof(*id_b) + sizeof(struct in_addr),
                        sizeof(struct in_addr));
 
-               len += snprintf( buf + len, BUFLEN - len, "%s", 
saddrwop2str(&saddr));
+               len += snprintf( buf + len, BUFLEN - len, "%s", 
saddrwop2str((struct sockaddr *)&saddr));
 
                break;
 
 #ifdef INET6
        case IPSECDOI_ID_IPV6_ADDR_RANGE:
 
-               len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr));
+               len = snprintf( buf, BUFLEN, "%s-", saddrwop2str((struct 
sockaddr *)&saddr));
 
 #ifndef __linux__
-               saddr.sa_len = sizeof(struct sockaddr_in6);
+               ((struct sockaddr *)&saddr)->sa_len = sizeof(struct 
sockaddr_in6);
 #endif
-               saddr.sa_family = AF_INET6;
+               ((struct sockaddr *)&saddr)->sa_family = AF_INET6;
                ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY;
                memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr,
                        id->v + sizeof(*id_b) + sizeof(struct in6_addr),
                        sizeof(struct in6_addr));
+               ((struct sockaddr_in6 *)&saddr)->sin6_scope_id =
+                       (IN6_IS_ADDR_LINKLOCAL(&((struct sockaddr_in6 
*)&saddr)->sin6_addr)
+                               ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id
+                               : 0);
 
-               len += snprintf( buf + len, BUFLEN - len, "%s", 
saddrwop2str(&saddr));
+               len += snprintf( buf + len, BUFLEN - len, "%s", 
saddrwop2str((struct sockaddr *)&saddr));
 
                break;
 #endif
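Review bot: Both range cases add the result of the first `snprintf()` to `len` and then pass `BUFLEN - len` as the size of the second call without checking it. `snprintf()` returns the length it would have written, so after a truncated or failed first call `buf + len` can point outside `buf`, and `BUFLEN - len` can go negative and be converted to a very large size. Address strings are short, so this is unlikely to trigger with an ordinary `BUFLEN` (its value is not shown here), but a check of `len < 0 || len >= BUFLEN` before the second call would make the bound explicit. The function's error path is outside this hunk, so how to bail out is left to the author.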
--- snip ---

This is in ipsecdoi_id2str(), which only gets called in the debug case.

struct sockaddr -> struct sockaddr_storage fixes the stack overflow.

For non-linklocal addresses the value in 'scope' is garbage and should be
set to zero.

regards,
        spz
-- 
spz%serpens.de@localhost (S.P.Zeidler)

