Red Hat Bugzilla – Bug 413331
racoon dies with buffer overflow in MCS/MLS loopback
Last modified: 2008-01-06 20:19:22 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:18.104.22.168) Gecko/20071025 Firefox/22.214.171.124
Description of problem:
MCS/MLS loopback has a buffer overflow that is killing racoon. This is due to MAX_CTXSTR_SIZE in policy.h being 50 instead of the RedHat 5 value of
#define MAX_CTXSTR_SIZE 3344 /* (6 * 512) + 256 + 16 */
A context can be quite a bit longer than 50 characters, even without long MLS category strings.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Enable loopback labeled IPSEC. Use a context more that 49 bytes long.
SA should be formed
This is correct in ipsec-tools-0.6.5-8.el5
Created attachment 279171 [details]
Patch to fix size of context buffer
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update ipsec-tools'
ipsec-tools-0.7-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.