Description of problem:
When I want to use `ip xfrm` to configure a manual keying connection with two hosts, it always returns "*** buffer overflow detected ***: ip terminated". I found xfrm in the kernel source code, so I am submitting it as a kernel bug. I also provide the version for iproute.

Version-Release number of selected component (if applicable):
kernel version 2.6.18-92.el5
iproute-2.6.18-7.el5

How reproducible:
always

Steps to Reproduce:
1. Configure your network: set up two hosts with the following IPv6 addresses
   3ffe:501:ffff:104::10
   3ffe:501:ffff:104::11
2. # ip xfrm state add src 3ffe:501:ffff:104::10 dst 3ffe:501:ffff:104::11 proto esp spi 0x100 auth 3des "a" mode transport

Actual results:
*** buffer overflow detected ***: ip terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xa44e41]
/lib/libc.so.6[0xa4444c]
ip[0x805feac]
ip[0x8060f90]
ip[0x804940c]
ip[0x8049a3e]
/lib/libc.so.6(__libc_start_main+0xdc)[0x975dec]
ip[0x8049301]
======= Memory map: ========
00416000-00425000 r-xp 00000000 08:05 11175434 /lib/libresolv-2.5.so
00425000-00426000 r-xp 0000e000 08:05 11175434 /lib/libresolv-2.5.so
00426000-00427000 rwxp 0000f000 08:05 11175434 /lib/libresolv-2.5.so
00427000-00429000 rwxp 00427000 00:00 0
00563000-00564000 r-xp 00563000 00:00 0 [vdso]
00942000-0095c000 r-xp 00000000 08:05 11175418 /lib/ld-2.5.so
0095c000-0095d000 r-xp 00019000 08:05 11175418 /lib/ld-2.5.so
0095d000-0095e000 rwxp 0001a000 08:05 11175418 /lib/ld-2.5.so
00960000-00a9d000 r-xp 00000000 08:05 11175419 /lib/libc-2.5.so
00a9d000-00a9f000 r-xp 0013d000 08:05 11175419 /lib/libc-2.5.so
00a9f000-00aa0000 rwxp 0013f000 08:05 11175419 /lib/libc-2.5.so
00aa0000-00aa3000 rwxp 00aa0000 00:00 0
00c26000-00c31000 r-xp 00000000 08:05 11174110 /lib/libgcc_s-4.1.2-20080102.so.1
00c31000-00c32000 rwxp 0000a000 08:05 11174110 /lib/libgcc_s-4.1.2-20080102.so.1
08048000-08070000 r-xp 00000000 08:05 10158199 /sbin/ip
08070000-08074000 rw-p 00027000 08:05 10158199 /sbin/ip
08086000-080a7000 rw-p 08086000 00:00 0
b7fdb000-b7fdd000 rw-p b7fdb000 00:00 0
bfd06000-bfd1c000 rw-p bfd06000 00:00 0 [stack]
Aborted

Expected results:
The state is established successfully.

Additional info:
I did not find a man page for 'ip xfrm'. I wrote the command according to the usage. I have also added a policy between the two hosts using

[root@server ~]# ip xfrm policy add dir in src 3ffe:501:ffff:104::10 dst 3ffe:501:ffff:104::11
[root@server ~]# ip xfrm policy list
src 3ffe:501:ffff:104::10/128 dst 3ffe:501:ffff:104::11/128
        dir in priority 0

I also changed the value of ALGOKEY many times; all show the buffer overflow.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
*** Bug 444724 has been marked as a duplicate of this bug. ***
What are you trying to set up here? An integrity-only ESP SA? The keyword "auth" takes an integrity algorithm, but 3des is a confidentiality algorithm. So perhaps you want to s/auth/enc/?
The problem is that iproute does not check its parameters for correctness enough. If the parameters are incorrect, iproute should not crash, but write some readable error message. I tried different combinations of parameters and it's crashing after applying the patch for xfrm support in this case :(
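The up-front validation the comment above asks for, sketched as an added example; it is not iproute's code and not part of the original thread. `struct algo_buf`, the name table and the error codes are hypothetical, and the arguments in `main` are the reporter's `auth 3des "a"`.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in modelled on struct xfrm_algo in <linux/xfrm.h>; the fixed key
 * capacity is an assumption of this example. */
struct algo_buf {
    char alg_name[64];
    unsigned int alg_key_len;          /* in bits */
    unsigned char alg_key[64];
};
enum algo_type { ALGO_ENC, ALGO_AUTH };
enum { ALGO_OK = 0, ERR_NAME = -1, ERR_TYPE = -2, ERR_KEYLEN = -3 };

/* Constructed table, not iproute's: the keyword each name belongs under. */
static const struct { const char *name; enum algo_type type; } known[] = {
    { "3des", ALGO_ENC }, { "hmac(sha1)", ALGO_AUTH }, { "hmac(md5)", ALGO_AUTH },
};
static const char *const algo_msg[] = {
    "ok", "unknown algorithm name",
    "algorithm does not match the auth/enc keyword", "key is empty or too long",
};

/* Validate everything before copying anything into the fixed-size fields. */
int algo_parse(struct algo_buf *out, enum algo_type type,
               const char *name, const char *key)
{
    size_t i, n = sizeof(known) / sizeof(known[0]), klen = strlen(key);

    for (i = 0; i < n && strcmp(known[i].name, name) != 0; i++)
        ;
    if (i == n || strlen(name) >= sizeof(out->alg_name))
        return ERR_NAME;               /* unknown or oversized name */
    if (known[i].type != type)
        return ERR_TYPE;               /* e.g. a cipher given after "auth" */
    if (klen == 0 || klen > sizeof(out->alg_key))
        return ERR_KEYLEN;             /* would not fit: refuse, never truncate */
    memset(out, 0, sizeof(*out));
    memcpy(out->alg_name, name, strlen(name) + 1);
    memcpy(out->alg_key, key, klen);
    out->alg_key_len = (unsigned int)(klen * 8);
    return ALGO_OK;
}

int main(void)
{
    struct algo_buf a;
    int rc = algo_parse(&a, ALGO_AUTH, "3des", "a");   /* reporter's arguments */
    printf("ip: %s\n", algo_msg[-rc]);
    return 0;
}
```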
ip is not a privileged command, so its crashing on bogus parameters is hardly an important issue.
I thought so, I'll give back low priority.
*** Bug 458480 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0204.html