Fedora Account System
Red Hat Associate
Red Hat Customer
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 Description of problem: MCS/MLS loopback has a buffer overflow that is killing racoon. This is due to MAX_CTXSTR_SIZE in policy.h being 50 instead of the RedHat 5 value of #define MAX_CTXSTR_SIZE 3344 /* (6 * 512) + 256 + 16 */ A context can be quite a bit longer than 50 characters, even without long MLS category strings. Version-Release number of selected component (if applicable): ipsec-tools-0.7-3.fc8 How reproducible: Always Steps to Reproduce: Enable loopback labeled IPSEC. Use a context more that 49 bytes long. Actual Results: racoon dies Expected Results: SA should be formed Additional info: This is correct in ipsec-tools-0.6.5-8.el5
Created attachment 279171 [details] Patch to fix size of context buffer
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update ipsec-tools'
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.