Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?

On Wed, Oct 29, 2008 at 03:40:37PM +0200, Timo Ters wrote:
> VANHULLEBUS Yvan wrote:
> >> Thus wrote VANHULLEBUS Yvan (
> > [....]
> >> This is in ipsecdoi_id2str() that only gets called in the debug case.
> >>
> >> struct sockaddr -> struct sockaddr_storage fixes the stack overflow.
> > 
> > Is this "the good way to fix the overflow, which is done in that
> > structure" or is this "some extra memory allocation which seems to
> > avoid crashes after an overflow somewhere else" ?
> Yvan, this is the official way to fix it. IPv6 requires usage of
> sockaddr_storage instead of sockaddr (which was the IPv4 time standard).
> They changed the name to keep binary compatibility. Who ever added the
> IPv6 stuff to that func was missing the conversion of sockaddr.

Yep, I saw another mail explaining the overflow itself (basically a struct
sockaddr_in6 stored in a struct sockaddr), I just had no time to have
a look at the real source of the overflow, and wanted to ensure
someone else did it :-)

Officially, the patch should be commited by "someone from ipsec-tools
team", but in the real world, I just don't care, as soon as ChangeLog
has been filled in, and as soon as half of the ipsec-team has
validated it :-)


Home | Main Index | Thread Index | Old Index