Current-Users archive


Re: [Ipsec-tools-devel] racoon+NAT-T and racoon+debug+IPv6 not so happy?



On Wed, Oct 29, 2008 at 03:40:37PM +0200, Timo Teräs wrote:
> VANHULLEBUS Yvan wrote:
> >> Thus wrote VANHULLEBUS Yvan (vanhu%free.fr@localhost):
> > [....]
> >> This is in ipsecdoi_id2str() that only gets called in the debug case.
> >>
> >> struct sockaddr -> struct sockaddr_storage fixes the stack overflow.
> > 
> > Is this "the good way to fix the overflow, which is done in that
> > structure" or is this "some extra memory allocation which seems to
> > avoid crashes after an overflow somewhere else" ?
> 
> Yvan, this is the official way to fix it. IPv6 requires usage of
> sockaddr_storage instead of sockaddr (which was the IPv4 time standard).
> They changed the name to keep binary compatibility. Whoever added the
> IPv6 stuff to that func was missing the conversion of sockaddr.

Yep, I saw another mail explaining the overflow itself (basically a struct
sockaddr_in6 stored in a struct sockaddr), I just had no time to have
a look at the real source of the overflow, and wanted to ensure
someone else did it :-)


Officially, the patch should be committed by "someone from ipsec-tools
team", but in the real world, I just don't care, as soon as ChangeLog
has been filled in, and as soon as half of the ipsec-team has
validated it :-)



Yvan.
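
The overflow discussed in this message (a struct sockaddr_in6 stored in a struct sockaddr) and the sockaddr_storage fix, shown as an added example that is not part of the original mail and is not ipsec-tools code. The function names `fits_in_plain_sockaddr` and `id_to_str` and the "addr[port]" output format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* 1 if a full address of this family fits in a plain struct sockaddr. */
int fits_in_plain_sockaddr(int family)
{
    size_t need = family == AF_INET  ? sizeof(struct sockaddr_in)
                : family == AF_INET6 ? sizeof(struct sockaddr_in6) : 0;
    return need != 0 && need <= sizeof(struct sockaddr);
}

/* Hypothetical helper: build a socket address from raw ID bytes and render
 * it as "addr[port]". Returns 0 on success, -1 on bad input or short buffer. */
int id_to_str(int family, const void *raw, size_t rawlen, unsigned short port,
              char *out, size_t outlen)
{
    struct sockaddr_storage ss;      /* large enough for any address family */
    char host[INET6_ADDRSTRLEN];
    const void *ap;
    int n;

    memset(&ss, 0, sizeof(ss));
    if (family == AF_INET && rawlen == sizeof(struct in_addr)) {
        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
        sin->sin_family = AF_INET;
        sin->sin_port = htons(port);
        memcpy(&sin->sin_addr, raw, rawlen);
        ap = &sin->sin_addr;
    } else if (family == AF_INET6 && rawlen == sizeof(struct in6_addr)) {
        /* With a local "struct sockaddr" here instead of sockaddr_storage,
         * the writes below would run past the end of the stack variable. */
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
        sin6->sin6_family = AF_INET6;
        sin6->sin6_port = htons(port);
        memcpy(&sin6->sin6_addr, raw, rawlen);
        ap = &sin6->sin6_addr;
    } else {
        return -1;                   /* unknown family or wrong address length */
    }
    if (inet_ntop(family, ap, host, sizeof(host)) == NULL)
        return -1;
    n = snprintf(out, outlen, "%s[%u]", host, (unsigned)port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* reject truncation */
}
```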

