Bug 413331 - racoon dies with buffer overflow in MCS/MLS loopback
Summary: racoon dies with buffer overflow in MCS/MLS loopback
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: ipsec-tools
Version: 8
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Steve Conklin
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-12-06 02:36 UTC by Joe Nall
Modified: 2008-01-07 01:19 UTC (History)
0 users

Fixed In Version: 0.7-5.fc8
Clone Of:
Environment:
Last Closed: 2008-01-07 01:19:22 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Patch to fix size of context buffer (510 bytes, text/plain)
2007-12-06 04:30 UTC, Joe Nall
no flags Details

Description Joe Nall 2007-12-06 02:36:19 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

Description of problem:
MCS/MLS loopback has a buffer overflow that is killing racoon. This is due to MAX_CTXSTR_SIZE in policy.h being 50 instead of the RedHat 5 value of

#define MAX_CTXSTR_SIZE 3344  /* (6 * 512) + 256 + 16 */

A context can be quite a bit longer than 50 characters, even without long MLS category strings.


Version-Release number of selected component (if applicable):
ipsec-tools-0.7-3.fc8

How reproducible:
Always


Steps to Reproduce:
Enable loopback labeled IPSEC. Use a context more that 49 bytes long.

Actual Results:
racoon dies

Expected Results:
SA should be formed

Additional info:
This is correct in ipsec-tools-0.6.5-8.el5

Comment 1 Joe Nall 2007-12-06 04:30:07 UTC
Created attachment 279171 [details]
Patch to fix size of context buffer

Comment 2 Fedora Update System 2007-12-20 20:16:24 UTC
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ipsec-tools'

Comment 3 Fedora Update System 2008-01-07 01:19:21 UTC
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.