Bug 413331 - racoon dies with buffer overflow in MCS/MLS loopback
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: ipsec-tools
Version: 8
Hardware: All Linux
Priority: low, Severity: high
Assigned To: Steve Conklin
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-12-05 21:36 EST by Joe Nall
Modified: 2008-01-06 20:19 EST
Fixed In Version: 0.7-5.fc8
Doc Type: Bug Fix

Attachments:
Patch to fix size of context buffer (510 bytes, text/plain), 2007-12-05 23:30 EST, Joe Nall

Description Joe Nall 2007-12-05 21:36:19 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

Description of problem:
MCS/MLS loopback has a buffer overflow that is killing racoon. This is due to MAX_CTXSTR_SIZE in policy.h being 50 instead of the RedHat 5 value of

#define MAX_CTXSTR_SIZE 3344  /* (6 * 512) + 256 + 16 */

A context can be quite a bit longer than 50 characters, even without long MLS category strings.


Version-Release number of selected component (if applicable):
ipsec-tools-0.7-3.fc8

How reproducible:
Always


Steps to Reproduce:
Enable loopback labeled IPSEC. Use a context more than 49 bytes long.

Actual Results:
racoon dies

Expected Results:
SA should be formed

Additional info:
This is correct in ipsec-tools-0.6.5-8.el5
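
An added illustration of the failure mode described in this report, not code from ipsec-tools or from the attached patch: a context copy that checks the string length against the buffer capacity, exercised with the 50-byte size and the 3344-byte size. The helper names and the sample context are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define CTX_SMALL 50    /* undersized MAX_CTXSTR_SIZE reported in this bug */
#define CTX_LARGE 3344  /* (6 * 512) + 256 + 16, the value the report cites */

/* Constructed sample context (53 characters), not taken from the report. */
static const char SAMPLE_CTX[] =
    "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023";

/* Hypothetical helper: copy a context string into a buffer of `cap` bytes.
 * Returns 0 on success, -1 if the string plus its NUL does not fit.
 * Without the length test, the memcpy would write past the end of dst.
 */
int ctx_copy(char *dst, size_t cap, const char *ctx)
{
    size_t need = strlen(ctx) + 1;   /* include the terminating NUL */
    if (need > cap)
        return -1;                   /* reject instead of overflowing */
    memcpy(dst, ctx, need);
    return 0;
}

/* Try the sample context against a buffer of the given capacity. */
int try_sample(size_t cap)
{
    char buf[CTX_LARGE];
    if (cap > sizeof(buf)) return -1;
    return ctx_copy(buf, cap, SAMPLE_CTX);
}

/* Try a constructed context of exactly `len` characters in a CTX_SMALL buffer. */
int try_len_in_small(size_t len)
{
    char ctx[128], buf[CTX_SMALL];
    if (len >= sizeof(ctx))
        return -1;
    memset(ctx, 'x', len);
    ctx[len] = '\0';
    return ctx_copy(buf, sizeof(buf), ctx);
}

int main(void)
{
    printf("sample, cap %d: %d\n", CTX_SMALL, try_sample(CTX_SMALL));
    printf("sample, cap %d: %d\n", CTX_LARGE, try_sample(CTX_LARGE));
    printf("49 chars: %d, 50 chars: %d\n", try_len_in_small(49), try_len_in_small(50));
    return 0;
}
```
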
Comment 1 Joe Nall 2007-12-05 23:30:07 EST
Created attachment 279171
Patch to fix size of context buffer
Comment 2 Fedora Update System 2007-12-20 15:16:24 EST
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update ipsec-tools'
Comment 3 Fedora Update System 2008-01-06 20:19:21 EST
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
