
[redhat-lspp] racoon segfaults between 32bit-64bit when using security labels



I was testing labeled ipsec/racoon between an x86_64 with 64 bit applications 
and a ppc64 with 32bit applications and racoon segfaulted when setting 
the security context into the proposal from the other side.
The security_ctx->ctx_strlen which is u_int16_t was not being handled
properly. 

I have attached the segfault as well as the fix. I have tested the fix
between 32bit-64bit and 32bit-32bit. I plan to test 64bit-64bit
as well. 

Please let me know if the patch is ok. 

Regards,
Joy


segfault:

2007-03-15 10:23:34: INFO: begin Identity Protection mode.
2007-03-15 10:23:34: INFO: received Vendor ID: DPD
2007-03-15 10:23:34: INFO: ISAKMP-SA established 9.3.189.55[500]-9.3.190.213[500] spi:f17051385870af9d:67b9d401e8ce2e0a
2007-03-15 10:23:35: INFO: respond new phase 2 negotiation: 9.3.189.55[0]<=>9.3.190.213[0]

Program received signal SIGSEGV, Segmentation fault.
0x0fec7354 in _wordcopy_fwd_aligned () from /lib/libc.so.6
(gdb) where
#0  0x0fec7354 in _wordcopy_fwd_aligned () from /lib/libc.so.6
#1  0x0fec7270 in memcpy () from /lib/libc.so.6
#2  0x100423e4 in set_secctx_in_proposal (iph2=<value optimized out>, spidx=
        {dir = 2 '\002', src = {ss_family = 2, __ss_align = 151239991, __ss_padding = '\0' <repeats 119 times>}, dst = {ss_family = 2, __ss_align = 151240405, __ss_padding = '\0' <repeats 119 times>}, prefs = 32 ' ', prefd = 32 ' ', ul_proto = 255, priority = 0, sec_ctx = {ctx_doi = 1 '\001', ctx_alg = 1 '\001', ctx_strlen = 10752, ctx_str = "ealuser_u:sysadm_r:ping_t:s0-s15:c0.c1023\000\000\000\000\000\000\000\000"}}) at security.c:170
#3  0x10013fb0 in quick_r1recv (iph2=0x1008b530, msg0=0x1008b9f8)
    at isakmp_quick.c:2133
#4  0x22000482 in ?? ()
#5  0x10009140 in isakmp_ph2begin_r (iph1=0x1008a178, msg=0x1008b9f8)
    at isakmp.c:1298
in isakmp_main (msg=0x1008b9f8, remote=0xfd44e73c,
    local=0xfd44e7bc) at isakmp.c:652
#7  0x1000a9ac in isakmp_handler (so_isakmp=<value optimized out>)
    at isakmp.c:359
#8  0x10004c3c in session () at session.c:211
#9  0x100044ac in main (ac=4, av=<value optimized out>) at main.c:247
(gdb)



diff -urpN ipsec-tools-0.6.5.orig/src/racoon/ipsec_doi.c ipsec-tools-0.6.5.patch/src/racoon/ipsec_doi.c
--- ipsec-tools-0.6.5.orig/src/racoon/ipsec_doi.c	2007-03-15 14:10:01.000000000 -0500
+++ ipsec-tools-0.6.5.patch/src/racoon/ipsec_doi.c	2007-03-15 14:19:43.000000000 -0500
@@ -3063,8 +3063,11 @@ setph2proposal0(iph2, pp, pr)
 
 #ifdef HAVE_SECCTX
 		if (*pp->sctx.ctx_str) {
+			struct security_ctx secctx;
+			secctx = pp->sctx;
+			secctx.ctx_strlen = htons(pp->sctx.ctx_strlen);
 			x = isakmp_set_attr_v(x, IPSECDOI_ATTR_SECCTX,
-					      (caddr_t)&pp->sctx, truectxlen);
+					      (caddr_t)&secctx, truectxlen);
 		}
 #endif
 
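Review bot: The `htons()` on `secctx.ctx_strlen` in `setph2proposal0` changes the bytes a little-endian sender puts on the wire, so a patched little-endian racoon and an unpatched one will disagree about this field; the commit message should say that both peers need the fix. A short comment above `secctx.ctx_strlen = htons(pp->sctx.ctx_strlen);` stating that `ctx_strlen` is network order on the wire and host order in `pp->sctx` would also help, since this path converts a copy while the receive paths convert in place.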
@@ -4189,6 +4192,7 @@ ipsecdoi_t2satrns(t, pp, pr, tr)
 		{
 			int len = ntohs(d->lorv);
 			memcpy(&pp->sctx, d + 1, len);
+			pp->sctx.ctx_strlen = ntohs(pp->sctx.ctx_strlen);
 			break;
 		}
 #endif
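Review bot: In `ipsecdoi_t2satrns`, `len` comes from `ntohs(d->lorv)` and goes straight into `memcpy(&pp->sctx, d + 1, len)`; nothing in the lines shown bounds it by `sizeof(pp->sctx)`, and the newly converted `pp->sctx.ctx_strlen` is stored without being compared to `len` or to the size of `ctx_str`. Suggest rejecting the attribute when `len > sizeof(pp->sctx)` or when the converted `ctx_strlen` is larger than what was actually received, before the `break`.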
diff -urpN ipsec-tools-0.6.5.orig/src/racoon/security.c ipsec-tools-0.6.5.patch/src/racoon/security.c
--- ipsec-tools-0.6.5.orig/src/racoon/security.c	2007-03-15 14:10:01.000000000 -0500
+++ ipsec-tools-0.6.5.patch/src/racoon/security.c	2007-03-15 14:19:31.000000000 -0500
@@ -153,6 +153,7 @@ get_security_context(sa, p)
 				return -1;
 			}
 			memcpy(&p->sec_ctx, d + 1, lorv);
+			p->sec_ctx.ctx_strlen = ntohs(p->sec_ctx.ctx_strlen);
 			return 0;
 		}
 	}
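Review bot: After the added `ntohs()` in `get_security_context`, `p->sec_ctx.ctx_strlen` is still a peer-supplied value that is accepted as is; the backtrace in this report has `memcpy` faulting in `set_secctx_in_proposal` with `ctx_strlen = 10752`, so an out-of-range value here remains a crash risk even with the byte order fixed. Suggest checking the converted length against `lorv` and the size of `ctx_str` and returning -1 on mismatch, as the check just above does. The same copy-then-convert sequence now also appears in `ipsecdoi_t2satrns`, so a shared helper would keep the two in step.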

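An added sketch, not code from ipsec-tools or from this post, of the round trip the report is about: the sender converts `ctx_strlen` on a copy, the receiver converts it back and rejects a length that does not match the attribute. The struct layout, the 50-byte buffer and every `demo_` name are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_CTXSTR_MAX 50          /* assumed buffer size for this sketch */
#define DEMO_HDR_LEN offsetof(struct demo_sec_ctx, ctx_str)

/* Hypothetical mirror of the fields visible in the backtrace. */
struct demo_sec_ctx {
    uint8_t  ctx_doi;
    uint8_t  ctx_alg;
    uint16_t ctx_strlen;            /* host order in memory, network order on the wire */
    char     ctx_str[DEMO_CTXSTR_MAX];
};

/* Sender: convert only a copy, then emit header + string. Returns bytes written, 0 on error. */
size_t demo_encode(const struct demo_sec_ctx *in, uint8_t *wire, size_t cap)
{
    size_t total = DEMO_HDR_LEN + in->ctx_strlen;
    struct demo_sec_ctx tmp = *in;

    if (in->ctx_strlen > DEMO_CTXSTR_MAX || total > cap)
        return 0;
    tmp.ctx_strlen = htons(in->ctx_strlen);
    memcpy(wire, &tmp, total);
    return total;
}

/* Receiver: bound the copy, convert, then check the peer-supplied length. */
int demo_decode(const uint8_t *wire, size_t len, struct demo_sec_ctx *out)
{
    if (len < DEMO_HDR_LEN || len > sizeof(*out))
        return -1;
    memset(out, 0, sizeof(*out));
    memcpy(out, wire, len);
    out->ctx_strlen = ntohs(out->ctx_strlen);
    if (out->ctx_strlen > DEMO_CTXSTR_MAX ||
        DEMO_HDR_LEN + out->ctx_strlen != len)
        return -1;                  /* e.g. length bytes 2a 00 read as 10752, not 42 */
    return 0;
}
```

A length of 42 emitted without `htons()` by a little-endian sender arrives as bytes `2a 00`, which the receiver reads as 10752, the `ctx_strlen` value shown in the backtrace.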
